{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE TypeFamilies #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-binds #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.CertificateManagerPCA.CreateCertificateAuthority
-- Copyright   : (c) 2013-2023 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
--
-- Creates a root or subordinate private certificate authority (CA). You
-- must specify the CA configuration, an optional configuration for Online
-- Certificate Status Protocol (OCSP) and\/or a certificate revocation list
-- (CRL), the CA type, and an optional idempotency token to avoid
-- accidental creation of multiple CAs. The CA configuration specifies the
-- name of the algorithm and key size to be used to create the CA private
-- key, the type of signing algorithm that the CA uses, and X.500 subject
-- information. The OCSP configuration can optionally specify a custom URL
-- for the OCSP responder. The CRL configuration specifies the CRL
-- expiration period in days (the validity period of the CRL), the Amazon
-- S3 bucket that will contain the CRL, and a CNAME alias for the S3 bucket
-- that is included in certificates issued by the CA. If successful, this
-- action returns the Amazon Resource Name (ARN) of the CA.
--
-- Both Amazon Web Services Private CA and the IAM principal must have
-- permission to write to the S3 bucket that you specify. If the IAM
-- principal making the call does not have permission to write to the
-- bucket, then an exception is thrown. For more information, see
-- <https://docs.aws.amazon.com/privateca/latest/userguide/crl-planning.html#s3-policies Access policies for CRLs in Amazon S3>.
--
-- Amazon Web Services Private CA assets that are stored in Amazon S3 can
-- be protected with encryption. For more information, see
-- <https://docs.aws.amazon.com/privateca/latest/userguide/PcaCreateCa.html#crl-encryption Encrypting Your CRLs>.
module Amazonka.CertificateManagerPCA.CreateCertificateAuthority
  ( -- * Creating a Request
    CreateCertificateAuthority (..),
    newCreateCertificateAuthority,

    -- * Request Lenses
    createCertificateAuthority_idempotencyToken,
    createCertificateAuthority_keyStorageSecurityStandard,
    createCertificateAuthority_revocationConfiguration,
    createCertificateAuthority_tags,
    createCertificateAuthority_usageMode,
    createCertificateAuthority_certificateAuthorityConfiguration,
    createCertificateAuthority_certificateAuthorityType,

    -- * Destructuring the Response
    CreateCertificateAuthorityResponse (..),
    newCreateCertificateAuthorityResponse,

    -- * Response Lenses
    createCertificateAuthorityResponse_certificateAuthorityArn,
    createCertificateAuthorityResponse_httpStatus,
  )
where

import Amazonka.CertificateManagerPCA.Types
import qualified Amazonka.Core as Core
import qualified Amazonka.Core.Lens.Internal as Lens
import qualified Amazonka.Data as Data
import qualified Amazonka.Prelude as Prelude
import qualified Amazonka.Request as Request
import qualified Amazonka.Response as Response

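-- | /See:/ 'newCreateCertificateAuthority' smart constructor.
--
-- Request payload for the @CreateCertificateAuthority@ action. Every
-- optional field is a 'Prelude.Maybe'; leaving one as 'Prelude.Nothing'
-- means the service-side default documented on that field applies.
data CreateCertificateAuthority = CreateCertificateAuthority'
  { -- | Custom string that can be used to distinguish between calls to the
    -- __CreateCertificateAuthority__ action. Idempotency tokens for
    -- __CreateCertificateAuthority__ time out after five minutes. Therefore,
    -- if you call __CreateCertificateAuthority__ multiple times with the same
    -- idempotency token within five minutes, Amazon Web Services Private CA
    -- recognizes that you are requesting only one certificate authority and
    -- will issue only one. If you change the idempotency token for each call,
    -- Amazon Web Services Private CA recognizes that you are requesting
    -- multiple certificate authorities.
    idempotencyToken :: Prelude.Maybe Prelude.Text,
    -- | Specifies a cryptographic key management compliance standard used for
    -- handling CA keys.
    --
    -- Default: FIPS_140_2_LEVEL_3_OR_HIGHER
    --
    -- /Note:/ @FIPS_140_2_LEVEL_3_OR_HIGHER@ is not supported in the following
    -- Regions:
    --
    -- -   ap-northeast-3
    --
    -- -   ap-southeast-3
    --
    -- When creating a CA in these Regions, you must provide
    -- @FIPS_140_2_LEVEL_2_OR_HIGHER@ as the argument for
    -- @KeyStorageSecurityStandard@. Failure to do this results in an
    -- @InvalidArgsException@ with the message, \"A certificate authority
    -- cannot be created in this region with the specified security standard.\"
    keyStorageSecurityStandard :: Prelude.Maybe KeyStorageSecurityStandard,
    -- | Contains information to enable Online Certificate Status Protocol (OCSP)
    -- support, to enable a certificate revocation list (CRL), to enable both,
    -- or to enable neither. The default is for both certificate validation
    -- mechanisms to be disabled.
    --
    -- /Note:/ because of that default, a request that leaves this field as
    -- 'Prelude.Nothing' creates a CA with neither CRL nor OCSP enabled. The
    -- @usageMode@ documentation states that general-purpose certificates
    -- typically require a revocation mechanism, so set this field explicitly
    -- for such CAs.
    --
    -- The following requirements apply to revocation configurations.
    --
    -- -   A configuration disabling CRLs or OCSP must contain only the
    --     @Enabled=False@ parameter, and will fail if other parameters such as
    --     @CustomCname@ or @ExpirationInDays@ are included.
    --
    -- -   In a CRL configuration, the @S3BucketName@ parameter must conform to
    --     <https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html Amazon S3 bucket naming rules>.
    --
    -- -   A configuration containing a custom Canonical Name (CNAME) parameter
    --     for CRLs or OCSP must conform to
    --     <https://www.ietf.org/rfc/rfc2396.txt RFC2396> restrictions on the
    --     use of special characters in a CNAME.
    --
    -- -   In a CRL or OCSP configuration, the value of a CNAME parameter must
    --     not include a protocol prefix such as \"http:\/\/\" or
    --     \"https:\/\/\".
    --
    -- For more information, see the
    -- <https://docs.aws.amazon.com/privateca/latest/APIReference/API_OcspConfiguration.html OcspConfiguration>
    -- and
    -- <https://docs.aws.amazon.com/privateca/latest/APIReference/API_CrlConfiguration.html CrlConfiguration>
    -- types.
    revocationConfiguration :: Prelude.Maybe RevocationConfiguration,
    -- | Key-value pairs that will be attached to the new private CA. You can
    -- associate up to 50 tags with a private CA. For information about using
    -- tags with IAM to manage permissions, see
    -- <https://docs.aws.amazon.com/IAM/latest/UserGuide/access_iam-tags.html Controlling Access Using IAM Tags>.
    tags :: Prelude.Maybe (Prelude.NonEmpty Tag),
    -- | Specifies whether the CA issues general-purpose certificates that
    -- typically require a revocation mechanism, or short-lived certificates
    -- that may optionally omit revocation because they expire quickly.
    -- Short-lived certificate validity is limited to seven days.
    --
    -- The default value is GENERAL_PURPOSE.
    usageMode :: Prelude.Maybe CertificateAuthorityUsageMode,
    -- | Name and bit size of the private key algorithm, the name of the signing
    -- algorithm, and X.500 certificate subject information.
    certificateAuthorityConfiguration :: CertificateAuthorityConfiguration,
    -- | The type of the certificate authority.
    certificateAuthorityType :: CertificateAuthorityType
  }
  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)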

-- |
-- Create a value of 'CreateCertificateAuthority' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'idempotencyToken', 'createCertificateAuthority_idempotencyToken' - Custom string that can be used to distinguish between calls to the
-- __CreateCertificateAuthority__ action. Idempotency tokens for
-- __CreateCertificateAuthority__ time out after five minutes. Therefore,
-- if you call __CreateCertificateAuthority__ multiple times with the same
-- idempotency token within five minutes, Amazon Web Services Private CA
-- recognizes that you are requesting only one certificate authority and will
-- issue only one. If you change the idempotency token for each call,
-- Amazon Web Services Private CA recognizes that you are requesting
-- multiple certificate authorities.
--
-- 'keyStorageSecurityStandard', 'createCertificateAuthority_keyStorageSecurityStandard' - Specifies a cryptographic key management compliance standard used for
-- handling CA keys.
--
-- Default: FIPS_140_2_LEVEL_3_OR_HIGHER
--
-- /Note:/ @FIPS_140_2_LEVEL_3_OR_HIGHER@ is not supported in the following
-- Regions:
--
-- -   ap-northeast-3
--
-- -   ap-southeast-3
--
-- When creating a CA in these Regions, you must provide
-- @FIPS_140_2_LEVEL_2_OR_HIGHER@ as the argument for
-- @KeyStorageSecurityStandard@. Failure to do this results in an
-- @InvalidArgsException@ with the message, \"A certificate authority
-- cannot be created in this region with the specified security standard.\"
--
-- 'revocationConfiguration', 'createCertificateAuthority_revocationConfiguration' - Contains information to enable Online Certificate Status Protocol (OCSP)
-- support, to enable a certificate revocation list (CRL), to enable both,
-- or to enable neither. The default is for both certificate validation
-- mechanisms to be disabled.
--
-- The following requirements apply to revocation configurations.
--
-- -   A configuration disabling CRLs or OCSP must contain only the
--     @Enabled=False@ parameter, and will fail if other parameters such as
--     @CustomCname@ or @ExpirationInDays@ are included.
--
-- -   In a CRL configuration, the @S3BucketName@ parameter must conform to
--     <https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html Amazon S3 bucket naming rules>.
--
-- -   A configuration containing a custom Canonical Name (CNAME) parameter
--     for CRLs or OCSP must conform to
--     <https://www.ietf.org/rfc/rfc2396.txt RFC2396> restrictions on the
--     use of special characters in a CNAME.
--
-- -   In a CRL or OCSP configuration, the value of a CNAME parameter must
--     not include a protocol prefix such as \"http:\/\/\" or
--     \"https:\/\/\".
--
-- For more information, see the
-- <https://docs.aws.amazon.com/privateca/latest/APIReference/API_OcspConfiguration.html OcspConfiguration>
-- and
-- <https://docs.aws.amazon.com/privateca/latest/APIReference/API_CrlConfiguration.html CrlConfiguration>
-- types.
--
-- 'tags', 'createCertificateAuthority_tags' - Key-value pairs that will be attached to the new private CA. You can
-- associate up to 50 tags with a private CA. For information about using tags
-- with IAM to manage permissions, see
-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/access_iam-tags.html Controlling Access Using IAM Tags>.
--
-- 'usageMode', 'createCertificateAuthority_usageMode' - Specifies whether the CA issues general-purpose certificates that
-- typically require a revocation mechanism, or short-lived certificates
-- that may optionally omit revocation because they expire quickly.
-- Short-lived certificate validity is limited to seven days.
--
-- The default value is GENERAL_PURPOSE.
--
-- 'certificateAuthorityConfiguration', 'createCertificateAuthority_certificateAuthorityConfiguration' - Name and bit size of the private key algorithm, the name of the signing
-- algorithm, and X.500 certificate subject information.
--
-- 'certificateAuthorityType', 'createCertificateAuthority_certificateAuthorityType' - The type of the certificate authority.
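newCreateCertificateAuthority ::
  -- | 'certificateAuthorityConfiguration'
  CertificateAuthorityConfiguration ->
  -- | 'certificateAuthorityType'
  CertificateAuthorityType ->
  CreateCertificateAuthority
newCreateCertificateAuthority
  pCertificateAuthorityConfiguration_
  pCertificateAuthorityType_ =
    -- Only the two required fields are taken from the arguments; every
    -- optional field starts as Nothing, so the service-side defaults
    -- described in the field documentation apply unless the caller
    -- overrides them afterwards.
    CreateCertificateAuthority'
      { idempotencyToken = Prelude.Nothing,
        -- Documented default: FIPS_140_2_LEVEL_3_OR_HIGHER (not supported
        -- in ap-northeast-3 and ap-southeast-3, per the field docs).
        keyStorageSecurityStandard = Prelude.Nothing,
        -- Documented default: both CRL and OCSP disabled. Set this field
        -- explicitly when issued certificates need a revocation mechanism.
        revocationConfiguration = Prelude.Nothing,
        tags = Prelude.Nothing,
        -- Documented default: GENERAL_PURPOSE.
        usageMode = Prelude.Nothing,
        certificateAuthorityConfiguration =
          pCertificateAuthorityConfiguration_,
        certificateAuthorityType = pCertificateAuthorityType_
      }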

-- | Custom string that can be used to distinguish between calls to the
-- __CreateCertificateAuthority__ action. Idempotency tokens for
-- __CreateCertificateAuthority__ time out after five minutes. Therefore,
-- if you call __CreateCertificateAuthority__ multiple times with the same
-- idempotency token within five minutes, Amazon Web Services Private CA
-- recognizes that you are requesting only one certificate authority and will
-- issue only one. If you change the idempotency token for each call,
-- Amazon Web Services Private CA recognizes that you are requesting
-- multiple certificate authorities.
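createCertificateAuthority_idempotencyToken :: Lens.Lens' CreateCertificateAuthority (Prelude.Maybe Prelude.Text)
createCertificateAuthority_idempotencyToken =
  Lens.lens
    -- Getter: read the field through a NamedFieldPuns pattern.
    (\CreateCertificateAuthority' {idempotencyToken} -> idempotencyToken)
    -- Setter: plain record update; the result annotation presumably
    -- disambiguates the field under DuplicateRecordFields.
    (\s@CreateCertificateAuthority' {} a -> s {idempotencyToken = a} :: CreateCertificateAuthority)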

-- | Specifies a cryptographic key management compliance standard used for
-- handling CA keys.
--
-- Default: FIPS_140_2_LEVEL_3_OR_HIGHER
--
-- /Note:/ @FIPS_140_2_LEVEL_3_OR_HIGHER@ is not supported in the following
-- Regions:
--
-- -   ap-northeast-3
--
-- -   ap-southeast-3
--
-- When creating a CA in these Regions, you must provide
-- @FIPS_140_2_LEVEL_2_OR_HIGHER@ as the argument for
-- @KeyStorageSecurityStandard@. Failure to do this results in an
-- @InvalidArgsException@ with the message, \"A certificate authority
-- cannot be created in this region with the specified security standard.\"
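createCertificateAuthority_keyStorageSecurityStandard :: Lens.Lens' CreateCertificateAuthority (Prelude.Maybe KeyStorageSecurityStandard)
createCertificateAuthority_keyStorageSecurityStandard =
  Lens.lens
    -- Getter: read the field through a NamedFieldPuns pattern.
    (\CreateCertificateAuthority' {keyStorageSecurityStandard} -> keyStorageSecurityStandard)
    -- Setter: plain record update; the result annotation presumably
    -- disambiguates the field under DuplicateRecordFields.
    (\s@CreateCertificateAuthority' {} a -> s {keyStorageSecurityStandard = a} :: CreateCertificateAuthority)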

-- | Contains information to enable Online Certificate Status Protocol (OCSP)
-- support, to enable a certificate revocation list (CRL), to enable both,
-- or to enable neither. The default is for both certificate validation
-- mechanisms to be disabled.
--
-- The following requirements apply to revocation configurations.
--
-- -   A configuration disabling CRLs or OCSP must contain only the
--     @Enabled=False@ parameter, and will fail if other parameters such as
--     @CustomCname@ or @ExpirationInDays@ are included.
--
-- -   In a CRL configuration, the @S3BucketName@ parameter must conform to
--     <https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html Amazon S3 bucket naming rules>.
--
-- -   A configuration containing a custom Canonical Name (CNAME) parameter
--     for CRLs or OCSP must conform to
--     <https://www.ietf.org/rfc/rfc2396.txt RFC2396> restrictions on the
--     use of special characters in a CNAME.
--
-- -   In a CRL or OCSP configuration, the value of a CNAME parameter must
--     not include a protocol prefix such as \"http:\/\/\" or
--     \"https:\/\/\".
--
-- For more information, see the
-- <https://docs.aws.amazon.com/privateca/latest/APIReference/API_OcspConfiguration.html OcspConfiguration>
-- and
-- <https://docs.aws.amazon.com/privateca/latest/APIReference/API_CrlConfiguration.html CrlConfiguration>
-- types.
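createCertificateAuthority_revocationConfiguration :: Lens.Lens' CreateCertificateAuthority (Prelude.Maybe RevocationConfiguration)
createCertificateAuthority_revocationConfiguration =
  Lens.lens
    -- Getter: read the field through a NamedFieldPuns pattern.
    (\CreateCertificateAuthority' {revocationConfiguration} -> revocationConfiguration)
    -- Setter: plain record update; the result annotation presumably
    -- disambiguates the field under DuplicateRecordFields. Setting the
    -- field to Nothing leaves revocation at the documented service
    -- default (CRL and OCSP both disabled).
    (\s@CreateCertificateAuthority' {} a -> s {revocationConfiguration = a} :: CreateCertificateAuthority)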

-- | Key-value pairs that will be attached to the new private CA. You can
-- associate up to 50 tags with a private CA. For information about using tags
-- with IAM to manage permissions, see
-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/access_iam-tags.html Controlling Access Using IAM Tags>.
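createCertificateAuthority_tags :: Lens.Lens' CreateCertificateAuthority (Prelude.Maybe (Prelude.NonEmpty Tag))
createCertificateAuthority_tags =
  Lens.lens
    -- Getter: read the field through a NamedFieldPuns pattern.
    (\CreateCertificateAuthority' {tags} -> tags)
    -- Setter: plain record update; the result annotation presumably
    -- disambiguates the field under DuplicateRecordFields.
    (\s@CreateCertificateAuthority' {} a -> s {tags = a} :: CreateCertificateAuthority)
    -- Compose with a coercion iso lifted over the Maybe, so callers work
    -- with the coerced view of the stored non-empty tag list.
    Prelude.. Lens.mapping Lens.coerced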

-- | Specifies whether the CA issues general-purpose certificates that
-- typically require a revocation mechanism, or short-lived certificates
-- that may optionally omit revocation because they expire quickly.
-- Short-lived certificate validity is limited to seven days.
--
-- The default value is GENERAL_PURPOSE.
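createCertificateAuthority_usageMode :: Lens.Lens' CreateCertificateAuthority (Prelude.Maybe CertificateAuthorityUsageMode)
createCertificateAuthority_usageMode =
  Lens.lens
    -- Getter: read the field through a NamedFieldPuns pattern.
    (\CreateCertificateAuthority' {usageMode} -> usageMode)
    -- Setter: plain record update; the result annotation presumably
    -- disambiguates the field under DuplicateRecordFields.
    (\s@CreateCertificateAuthority' {} a -> s {usageMode = a} :: CreateCertificateAuthority)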

-- | Name and bit size of the private key algorithm, the name of the signing
-- algorithm, and X.500 certificate subject information.
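createCertificateAuthority_certificateAuthorityConfiguration :: Lens.Lens' CreateCertificateAuthority CertificateAuthorityConfiguration
createCertificateAuthority_certificateAuthorityConfiguration =
  Lens.lens
    -- Getter: read the (required) field through a NamedFieldPuns pattern.
    (\CreateCertificateAuthority' {certificateAuthorityConfiguration} -> certificateAuthorityConfiguration)
    -- Setter: plain record update; the result annotation presumably
    -- disambiguates the field under DuplicateRecordFields.
    (\s@CreateCertificateAuthority' {} a -> s {certificateAuthorityConfiguration = a} :: CreateCertificateAuthority)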

-- | The type of the certificate authority.
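createCertificateAuthority_certificateAuthorityType :: Lens.Lens' CreateCertificateAuthority CertificateAuthorityType
createCertificateAuthority_certificateAuthorityType =
  Lens.lens
    -- Getter: read the (required) field through a NamedFieldPuns pattern.
    (\CreateCertificateAuthority' {certificateAuthorityType} -> certificateAuthorityType)
    -- Setter: plain record update; the result annotation presumably
    -- disambiguates the field under DuplicateRecordFields.
    (\s@CreateCertificateAuthority' {} a -> s {certificateAuthorityType = a} :: CreateCertificateAuthority)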

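-- Wires the request type to its response type and to the JSON
-- request/response helpers.
instance Core.AWSRequest CreateCertificateAuthority where
  type
    AWSResponse CreateCertificateAuthority =
      CreateCertificateAuthorityResponse

  -- Apply the caller-supplied service overrides to 'defaultService', then
  -- build the request with the JSON POST helper.
  request overrides =
    Request.postJSON (overrides defaultService)

  -- Decode the JSON body: the "CertificateAuthorityArn" key is read as an
  -- optional value, and the HTTP status (s) is stored as an Int. The
  -- response headers (h) are not used. Callers should handle the ARN
  -- being absent rather than assume it is always present.
  response =
    Response.receiveJSON
      ( \s h x ->
          CreateCertificateAuthorityResponse'
            Prelude.<$> (x Data..?> "CertificateAuthorityArn")
            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
      )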

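-- Structural hash over all seven fields, folded into the salt in record
-- declaration order. This is the 'Prelude.Hashable' class hash, not a
-- cryptographic digest of the request.
instance Prelude.Hashable CreateCertificateAuthority where
  hashWithSalt _salt CreateCertificateAuthority' {..} =
    _salt
      `Prelude.hashWithSalt` idempotencyToken
      `Prelude.hashWithSalt` keyStorageSecurityStandard
      `Prelude.hashWithSalt` revocationConfiguration
      `Prelude.hashWithSalt` tags
      `Prelude.hashWithSalt` usageMode
      `Prelude.hashWithSalt` certificateAuthorityConfiguration
      `Prelude.hashWithSalt` certificateAuthorityType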

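-- Forces every field with 'Prelude.rnf', chained with 'Prelude.seq' in
-- record declaration order.
instance Prelude.NFData CreateCertificateAuthority where
  rnf CreateCertificateAuthority' {..} =
    Prelude.rnf idempotencyToken
      `Prelude.seq` Prelude.rnf keyStorageSecurityStandard
      `Prelude.seq` Prelude.rnf revocationConfiguration
      `Prelude.seq` Prelude.rnf tags
      `Prelude.seq` Prelude.rnf usageMode
      `Prelude.seq` Prelude.rnf certificateAuthorityConfiguration
      `Prelude.seq` Prelude.rnf certificateAuthorityType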

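-- | Fixed request headers for the @CreateCertificateAuthority@ operation.
--
-- The interleaved type-annotation residue from the rendered listing is
-- stripped so the instance parses; the header names and values are
-- reproduced unchanged.
instance Data.ToHeaders CreateCertificateAuthority where
  -- 'Prelude.const' discards the request value: the same two headers are
  -- produced whatever the record contains. Only the operation target and
  -- the content type are set here; nothing in this instance adds
  -- authentication or signing headers.
  toHeaders =
    Prelude.const
      ( Prelude.mconcat
          [ "X-Amz-Target"
              Data.=# ( "ACMPrivateCA.CreateCertificateAuthority" ::
                          Prelude.ByteString
                      ),
            "Content-Type"
              Data.=# ( "application/x-amz-json-1.1" ::
                          Prelude.ByteString
                      )
          ]
      )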

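-- | JSON request body for the @CreateCertificateAuthority@ operation.
--
-- The interleaved type-annotation residue from the rendered listing is
-- stripped so the instance parses; keys and field order are unchanged.
instance Data.ToJSON CreateCertificateAuthority where
  -- Optional fields are serialized only when set: a 'Prelude.Nothing' is
  -- filtered out by 'Prelude.catMaybes', so the key is absent from the
  -- body rather than sent as null. The two required fields are always
  -- present.
  --
  -- NOTE(review): for "KeyStorageSecurityStandard" and
  -- "RevocationConfiguration" an absent key presumably leaves the choice
  -- to the service-side default. Callers with a requirement on key
  -- storage or on CRL/OCSP publishing should set these explicitly and
  -- confirm the defaults against the AWS Private CA API reference.
  toJSON CreateCertificateAuthority' {..} =
    Data.object
      ( Prelude.catMaybes
          [ ("IdempotencyToken" Data..=)
              Prelude.<$> idempotencyToken,
            ("KeyStorageSecurityStandard" Data..=)
              Prelude.<$> keyStorageSecurityStandard,
            ("RevocationConfiguration" Data..=)
              Prelude.<$> revocationConfiguration,
            ("Tags" Data..=) Prelude.<$> tags,
            ("UsageMode" Data..=) Prelude.<$> usageMode,
            Prelude.Just
              ( "CertificateAuthorityConfiguration"
                  Data..= certificateAuthorityConfiguration
              ),
            Prelude.Just
              ( "CertificateAuthorityType"
                  Data..= certificateAuthorityType
              )
          ]
      )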

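-- | Request path for the operation.
--
-- Type-annotation residue from the rendered listing is removed so the
-- instance parses.
instance Data.ToPath CreateCertificateAuthority where
  -- The path is always the root; no field of the request is placed in it.
  toPath = Prelude.const "/"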

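-- | Query string for the operation.
--
-- Type-annotation residue from the rendered listing is removed so the
-- instance parses.
instance Data.ToQuery CreateCertificateAuthority where
  -- Always empty: every request field travels in the JSON body, none in
  -- the URL.
  toQuery = Prelude.const Prelude.mempty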

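-- | /See:/ 'newCreateCertificateAuthorityResponse' smart constructor.
--
-- The selector and derived-instance signatures that the rendered listing
-- had spilled into the declaration are removed so it parses; the fields
-- and the derived classes are unchanged.
data CreateCertificateAuthorityResponse = CreateCertificateAuthorityResponse'
  { -- | If successful, the Amazon Resource Name (ARN) of the certificate
    -- authority (CA). This is of the form:
    --
    -- @arn:aws:acm-pca:@/@region@/@:@/@account@/@:certificate-authority\/@/@12345678-1234-1234-1234-123456789012@/@ @.
    --
    -- The field is optional: consumers should handle 'Prelude.Nothing'
    -- rather than assume a CA was created.
    certificateAuthorityArn :: Prelude.Maybe Prelude.Text,
    -- | The response's http status code.
    httpStatus :: Prelude.Int
  }
  -- The derived 'Prelude.Show' renders the ARN in full; per the form
  -- above it embeds the region and account, so it is an identifier that
  -- will appear wherever the value is shown or logged.
  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)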

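-- |
-- Create a value of 'CreateCertificateAuthorityResponse' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'certificateAuthorityArn', 'createCertificateAuthorityResponse_certificateAuthorityArn' - If successful, the Amazon Resource Name (ARN) of the certificate
-- authority (CA). This is of the form:
--
-- @arn:aws:acm-pca:@/@region@/@:@/@account@/@:certificate-authority\/@/@12345678-1234-1234-1234-123456789012@/@ @.
--
-- 'httpStatus', 'createCertificateAuthorityResponse_httpStatus' - The response's http status code.
newCreateCertificateAuthorityResponse ::
  -- | 'httpStatus'
  Prelude.Int ->
  CreateCertificateAuthorityResponse
newCreateCertificateAuthorityResponse pHttpStatus_ =
  -- Only the status code is supplied; the ARN starts out unset and has to
  -- be filled in separately (for example through its lens).
  CreateCertificateAuthorityResponse'
    { certificateAuthorityArn =
        Prelude.Nothing,
      httpStatus = pHttpStatus_
    }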

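-- | If successful, the Amazon Resource Name (ARN) of the certificate
-- authority (CA). This is of the form:
--
-- @arn:aws:acm-pca:@/@region@/@:@/@account@/@:certificate-authority\/@/@12345678-1234-1234-1234-123456789012@/@ @.
createCertificateAuthorityResponse_certificateAuthorityArn :: Lens.Lens' CreateCertificateAuthorityResponse (Prelude.Maybe Prelude.Text)
createCertificateAuthorityResponse_certificateAuthorityArn =
  -- Getter reads the field; setter is a plain record update. The result
  -- annotation on the update names the record type explicitly, which the
  -- duplicate field names in this module make necessary.
  Lens.lens
    (\CreateCertificateAuthorityResponse' {certificateAuthorityArn} -> certificateAuthorityArn)
    (\s@CreateCertificateAuthorityResponse' {} a -> s {certificateAuthorityArn = a} :: CreateCertificateAuthorityResponse)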

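-- | The response's http status code.
createCertificateAuthorityResponse_httpStatus :: Lens.Lens' CreateCertificateAuthorityResponse Prelude.Int
createCertificateAuthorityResponse_httpStatus =
  -- Getter reads the field; setter is a plain record update, annotated
  -- with the record type so the field name resolves unambiguously.
  Lens.lens
    (\CreateCertificateAuthorityResponse' {httpStatus} -> httpStatus)
    (\s@CreateCertificateAuthorityResponse' {} a -> s {httpStatus = a} :: CreateCertificateAuthorityResponse)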

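-- | Deep-evaluation instance for the response record.
--
-- Type-annotation residue from the rendered listing is removed so the
-- instance parses; the evaluation order of the fields is unchanged.
instance
  Prelude.NFData
    CreateCertificateAuthorityResponse
  where
  -- Both fields are reduced with 'Prelude.rnf', ARN first, then status.
  rnf CreateCertificateAuthorityResponse' {..} =
    Prelude.rnf certificateAuthorityArn
      `Prelude.seq` Prelude.rnf httpStatus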