{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE TypeFamilies #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-binds #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.CertificateManagerPCA.PutPolicy
-- Copyright   : (c) 2013-2023 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
--
-- Attaches a resource-based policy to a private CA.
--
-- A policy can also be applied by sharing a private CA through Amazon Web
-- Services Resource Access Manager (RAM). For more information, see
-- <https://docs.aws.amazon.com/privateca/latest/userguide/pca-ram.html Attach a Policy for Cross-Account Access>.
--
-- The policy can be displayed with
-- <https://docs.aws.amazon.com/privateca/latest/APIReference/API_GetPolicy.html GetPolicy>
-- and removed with
-- <https://docs.aws.amazon.com/privateca/latest/APIReference/API_DeletePolicy.html DeletePolicy>.
--
-- __About Policies__
--
-- -   A policy grants access on a private CA to an Amazon Web Services
--     customer account, to Amazon Web Services Organizations, or to an
--     Amazon Web Services Organizations unit. Policies are under the
--     control of a CA administrator. For more information, see
--     <https://docs.aws.amazon.com/privateca/latest/userguide/pca-rbp.html Using a Resource Based Policy with Amazon Web Services Private CA>.
--
-- -   A policy permits a user of Certificate Manager (ACM) to issue ACM
--     certificates signed by a CA in another account.
--
-- -   For ACM to manage automatic renewal of these certificates, the ACM
--     user must configure a Service Linked Role (SLR). The SLR allows the
--     ACM service to assume the identity of the user, subject to
--     confirmation against the Amazon Web Services Private CA policy. For
--     more information, see
--     <https://docs.aws.amazon.com/acm/latest/userguide/acm-slr.html Using a Service Linked Role with ACM>.
--
-- -   Updates made in Amazon Web Services Resource Access Manager (RAM) are
--     reflected in policies. For more information, see
--     <https://docs.aws.amazon.com/privateca/latest/userguide/pca-ram.html Attach a Policy for Cross-Account Access>.
module Amazonka.CertificateManagerPCA.PutPolicy
  ( -- * Creating a Request
    PutPolicy (..),
    newPutPolicy,

    -- * Request Lenses
    putPolicy_resourceArn,
    putPolicy_policy,

    -- * Destructuring the Response
    PutPolicyResponse (..),
    newPutPolicyResponse,
  )
where

import Amazonka.CertificateManagerPCA.Types
import qualified Amazonka.Core as Core
import qualified Amazonka.Core.Lens.Internal as Lens
import qualified Amazonka.Data as Data
import qualified Amazonka.Prelude as Prelude
import qualified Amazonka.Request as Request
import qualified Amazonka.Response as Response

-- | /See:/ 'newPutPolicy' smart constructor.
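data PutPolicy = PutPolicy'
  { -- | The Amazon Resource Name (ARN) of the private CA to associate with the
    -- policy. The ARN of the CA can be found by calling the
    -- <https://docs.aws.amazon.com/privateca/latest/APIReference/API_ListCertificateAuthorities.html ListCertificateAuthorities>
    -- action.
    resourceArn :: Prelude.Text,
    -- | The path and file name of a JSON-formatted IAM policy to attach to the
    -- specified private CA resource. If this policy does not contain all
    -- required statements or if it includes any statement that is not allowed,
    -- the @PutPolicy@ action returns an @InvalidPolicyException@. For
    -- information about IAM policy and statement structure, see
    -- <https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policies-json Overview of JSON Policies>.
    --
    -- NOTE(review): the 'Data.ToJSON' instance in this module serialises this
    -- field verbatim as the @Policy@ member of the request body, and nothing
    -- in this module reads a file. The "path and file name" wording
    -- presumably describes a command-line front end, so the value passed here
    -- is presumably the policy document text itself -- confirm against the
    -- service API reference.
    --
    -- As the module header states, the policy grants other accounts or
    -- organizations access to the private CA, so the principals and actions
    -- it names should be reviewed before the request is sent.
    policy :: Prelude.Text
  }
  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)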

-- |
-- Create a value of 'PutPolicy' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'resourceArn', 'putPolicy_resourceArn' - The Amazon Resource Name (ARN) of the private CA to associate with the
-- policy. The ARN of the CA can be found by calling the
-- <https://docs.aws.amazon.com/privateca/latest/APIReference/API_ListCertificateAuthorities.html ListCertificateAuthorities>
-- action.
--
-- 'policy', 'putPolicy_policy' - The path and file name of a JSON-formatted IAM policy to attach to the
-- specified private CA resource. If this policy does not contain all
-- required statements or if it includes any statement that is not allowed,
-- the @PutPolicy@ action returns an @InvalidPolicyException@. For
-- information about IAM policy and statement structure, see
-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policies-json Overview of JSON Policies>.
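newPutPolicy ::
  -- | 'resourceArn'
  Prelude.Text ->
  -- | 'policy'
  Prelude.Text ->
  PutPolicy
newPutPolicy pResourceArn_ pPolicy_ =
  -- Both record fields are required, so the constructor simply stores the
  -- two arguments; no validation of the ARN or of the policy text happens
  -- here.
  PutPolicy'
    { resourceArn = pResourceArn_,
      policy = pPolicy_
    }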

-- | The Amazon Resource Name (ARN) of the private CA to associate with the
-- policy. The ARN of the CA can be found by calling the
-- <https://docs.aws.amazon.com/privateca/latest/APIReference/API_ListCertificateAuthorities.html ListCertificateAuthorities>
-- action.
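putPolicy_resourceArn :: Lens.Lens' PutPolicy Prelude.Text
-- Getter projects the 'resourceArn' field; setter replaces it by record
-- update, leaving 'policy' untouched.
putPolicy_resourceArn = Lens.lens (\PutPolicy' {resourceArn} -> resourceArn) (\s@PutPolicy' {} a -> s {resourceArn = a} :: PutPolicy)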

-- | The path and file name of a JSON-formatted IAM policy to attach to the
-- specified private CA resource. If this policy does not contain all
-- required statements or if it includes any statement that is not allowed,
-- the @PutPolicy@ action returns an @InvalidPolicyException@. For
-- information about IAM policy and statement structure, see
-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policies-json Overview of JSON Policies>.
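putPolicy_policy :: Lens.Lens' PutPolicy Prelude.Text
-- Getter projects the 'policy' field; setter replaces it by record update,
-- leaving 'resourceArn' untouched. The text is stored as given; this lens
-- performs no validation of the policy.
putPolicy_policy = Lens.lens (\PutPolicy' {policy} -> policy) (\s@PutPolicy' {} a -> s {policy = a} :: PutPolicy)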

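-- | Ties 'PutPolicy' to its response type and to the request/response
-- builders used for this operation.
instance Core.AWSRequest PutPolicy where
  type AWSResponse PutPolicy = PutPolicyResponse

  -- The caller-supplied override function is applied to 'defaultService'
  -- before the request is built with 'Request.postJSON'.
  request overrides =
    Request.postJSON (overrides defaultService)

  -- The response is handled by 'Response.receiveNull', which is given the
  -- fieldless 'PutPolicyResponse'' value to return.
  response = Response.receiveNull PutPolicyResponse'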

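-- | Hashes both record fields, 'resourceArn' first and then 'policy'.
instance Prelude.Hashable PutPolicy where
  hashWithSalt _salt PutPolicy' {..} =
    _salt
      `Prelude.hashWithSalt` resourceArn
      `Prelude.hashWithSalt` policy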

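-- | Forces both record fields: 'resourceArn' first, then 'policy'.
instance Prelude.NFData PutPolicy where
  rnf PutPolicy' {..} =
    Prelude.rnf resourceArn
      `Prelude.seq` Prelude.rnf policy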

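-- | Fixed headers for this operation; they do not depend on the request
-- value, hence 'Prelude.const'.
instance Data.ToHeaders PutPolicy where
  toHeaders =
    Prelude.const
      ( Prelude.mconcat
          [ -- Names the target operation for the JSON protocol endpoint.
            "X-Amz-Target"
              Data.=# ("ACMPrivateCA.PutPolicy" :: Prelude.ByteString),
            "Content-Type"
              Data.=# ( "application/x-amz-json-1.1" ::
                          Prelude.ByteString
                      )
          ]
      )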

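-- | Request body: an object with the members @ResourceArn@ and @Policy@.
--
-- Both fields are always present (each is wrapped in 'Prelude.Just'), and
-- the 'policy' text is emitted exactly as the caller supplied it; no parsing
-- or validation of the policy happens on the client side in this instance.
instance Data.ToJSON PutPolicy where
  toJSON PutPolicy' {..} =
    Data.object
      ( Prelude.catMaybes
          [ Prelude.Just ("ResourceArn" Data..= resourceArn),
            Prelude.Just ("Policy" Data..= policy)
          ]
      )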

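-- | The request path is always @/@, independent of the request value.
instance Data.ToPath PutPolicy where
  toPath = Prelude.const "/"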

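-- | The query string is always empty, independent of the request value.
instance Data.ToQuery PutPolicy where
  toQuery = Prelude.const Prelude.mempty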

-- | /See:/ 'newPutPolicyResponse' smart constructor.
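-- The response record has no fields: the 'Core.AWSRequest' instance in this
-- module produces it through 'Response.receiveNull'.
data PutPolicyResponse = PutPolicyResponse'
  {
  }
  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)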

-- |
-- Create a value of 'PutPolicyResponse' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
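newPutPolicyResponse ::
  PutPolicyResponse
-- The record has no fields, so the smart constructor is just the bare
-- data constructor.
newPutPolicyResponse = PutPolicyResponse'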

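-- | There are no fields to force, so 'rnf' returns unit for any value.
instance Prelude.NFData PutPolicyResponse where
  rnf _ = ()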