{-# LANGUAGE DeriveGeneric #-} {-# LANGUAGE DuplicateRecordFields #-} {-# LANGUAGE NamedFieldPuns #-} {-# LANGUAGE OverloadedStrings #-} {-# LANGUAGE RecordWildCards #-} {-# LANGUAGE StrictData #-} {-# LANGUAGE NoImplicitPrelude #-} {-# OPTIONS_GHC -fno-warn-unused-imports #-} {-# OPTIONS_GHC -fno-warn-unused-matches #-} -- Derived from AWS service descriptions, licensed under Apache 2.0. -- | -- Module : Amazonka.CertificateManagerPCA.Types.CrlConfiguration -- Copyright : (c) 2013-2023 Brendan Hay -- License : Mozilla Public License, v. 2.0. -- Maintainer : Brendan Hay -- Stability : auto-generated -- Portability : non-portable (GHC extensions) module Amazonka.CertificateManagerPCA.Types.CrlConfiguration where import Amazonka.CertificateManagerPCA.Types.S3ObjectAcl import qualified Amazonka.Core as Core import qualified Amazonka.Core.Lens.Internal as Lens import qualified Amazonka.Data as Data import qualified Amazonka.Prelude as Prelude -- | Contains configuration information for a certificate revocation list -- (CRL). Your private certificate authority (CA) creates base CRLs. Delta -- CRLs are not supported. You can enable CRLs for your new or an existing -- private CA by setting the __Enabled__ parameter to @true@. Your private -- CA writes CRLs to an S3 bucket that you specify in the __S3BucketName__ -- parameter. You can hide the name of your bucket by specifying a value -- for the __CustomCname__ parameter. Your private CA copies the CNAME or -- the S3 bucket name to the __CRL Distribution Points__ extension of each -- certificate it issues. Your S3 bucket policy must give write permission -- to Amazon Web Services Private CA. -- -- Amazon Web Services Private CA assets that are stored in Amazon S3 can -- be protected with encryption. For more information, see -- <https://docs.aws.amazon.com/privateca/latest/userguide/PcaCreateCa.html#crl-encryption Encrypting Your CRLs>. -- -- Your private CA uses the value in the __ExpirationInDays__ parameter to -- calculate the __nextUpdate__ field in the CRL. The CRL is refreshed -- prior to a certificate\'s expiration date or when a certificate is -- revoked. When a certificate is revoked, it appears in the CRL until the -- certificate expires, and then in one additional CRL after expiration, -- and it always appears in the audit report. -- -- A CRL is typically updated approximately 30 minutes after a certificate -- is revoked. If for any reason a CRL update fails, Amazon Web Services -- Private CA makes further attempts every 15 minutes. -- -- CRLs contain the following fields: -- -- - __Version__: The current version number defined in RFC 5280 is V2. -- The integer value is 0x1. -- -- - __Signature Algorithm__: The name of the algorithm used to sign the -- CRL. -- -- - __Issuer__: The X.500 distinguished name of your private CA that -- issued the CRL. -- -- - __Last Update__: The issue date and time of this CRL. -- -- - __Next Update__: The day and time by which the next CRL will be -- issued. -- -- - __Revoked Certificates__: List of revoked certificates. Each list -- item contains the following information. -- -- - __Serial Number__: The serial number, in hexadecimal format, of -- the revoked certificate. -- -- - __Revocation Date__: Date and time the certificate was revoked. -- -- - __CRL Entry Extensions__: Optional extensions for the CRL entry. -- -- - __X509v3 CRL Reason Code__: Reason the certificate was -- revoked. -- -- - __CRL Extensions__: Optional extensions for the CRL. -- -- - __X509v3 Authority Key Identifier__: Identifies the public key -- associated with the private key used to sign the certificate. -- -- - __X509v3 CRL Number:__: Decimal sequence number for the CRL. -- -- - __Signature Algorithm__: Algorithm used by your private CA to sign -- the CRL. -- -- - __Signature Value__: Signature computed over the CRL. -- -- Certificate revocation lists created by Amazon Web Services Private CA -- are DER-encoded. You can use the following OpenSSL command to list a -- CRL. -- -- @openssl crl -inform DER -text -in @/@crl_path@/@ -noout@ -- -- For more information, see -- <https://docs.aws.amazon.com/privateca/latest/userguide/crl-planning.html Planning a certificate revocation list (CRL)> -- in the /Amazon Web Services Private Certificate Authority User Guide/ -- -- /See:/ 'newCrlConfiguration' smart constructor. data CrlConfiguration = CrlConfiguration' { -- | Name inserted into the certificate __CRL Distribution Points__ extension -- that enables the use of an alias for the CRL distribution point. Use -- this value if you don\'t want the name of your S3 bucket to be public. -- -- The content of a Canonical Name (CNAME) record must conform to -- <https://www.ietf.org/rfc/rfc2396.txt RFC2396> restrictions on the use -- of special characters in URIs. Additionally, the value of the CNAME must -- not include a protocol prefix such as \"http:\/\/\" or \"https:\/\/\". CrlConfiguration -> Maybe Text customCname :: Prelude.Maybe Prelude.Text, -- | Validity period of the CRL in days. CrlConfiguration -> Maybe Natural expirationInDays :: Prelude.Maybe Prelude.Natural, -- | Name of the S3 bucket that contains the CRL. If you do not provide a -- value for the __CustomCname__ argument, the name of your S3 bucket is -- placed into the __CRL Distribution Points__ extension of the issued -- certificate. You can change the name of your bucket by calling the -- <https://docs.aws.amazon.com/privateca/latest/APIReference/API_UpdateCertificateAuthority.html UpdateCertificateAuthority> -- operation. You must specify a -- <https://docs.aws.amazon.com/privateca/latest/userguide/PcaCreateCa.html#s3-policies bucket policy> -- that allows Amazon Web Services Private CA to write the CRL to your -- bucket. -- -- The @S3BucketName@ parameter must conform to the -- <https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html S3 bucket naming rules>. CrlConfiguration -> Maybe Text s3BucketName :: Prelude.Maybe Prelude.Text, -- | Determines whether the CRL will be publicly readable or privately held -- in the CRL Amazon S3 bucket. If you choose PUBLIC_READ, the CRL will be -- accessible over the public internet. If you choose -- BUCKET_OWNER_FULL_CONTROL, only the owner of the CRL S3 bucket can -- access the CRL, and your PKI clients may need an alternative method of -- access. -- -- If no value is specified, the default is @PUBLIC_READ@. -- -- /Note:/ This default can cause CA creation to fail in some -- circumstances. If you have have enabled the Block Public Access (BPA) -- feature in your S3 account, then you must specify the value of this -- parameter as @BUCKET_OWNER_FULL_CONTROL@, and not doing so results in an -- error. If you have disabled BPA in S3, then you can specify either -- @BUCKET_OWNER_FULL_CONTROL@ or @PUBLIC_READ@ as the value. -- -- For more information, see -- <https://docs.aws.amazon.com/privateca/latest/userguide/PcaCreateCa.html#s3-bpa Blocking public access to the S3 bucket>. CrlConfiguration -> Maybe S3ObjectAcl s3ObjectAcl :: Prelude.Maybe S3ObjectAcl, -- | Boolean value that specifies whether certificate revocation lists (CRLs) -- are enabled. You can use this value to enable certificate revocation for -- a new CA when you call the -- <https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html CreateCertificateAuthority> -- action or for an existing CA when you call the -- <https://docs.aws.amazon.com/privateca/latest/APIReference/API_UpdateCertificateAuthority.html UpdateCertificateAuthority> -- action. CrlConfiguration -> Bool enabled :: Prelude.Bool } deriving (CrlConfiguration -> CrlConfiguration -> Bool forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a /= :: CrlConfiguration -> CrlConfiguration -> Bool $c/= :: CrlConfiguration -> CrlConfiguration -> Bool == :: CrlConfiguration -> CrlConfiguration -> Bool $c== :: CrlConfiguration -> CrlConfiguration -> Bool Prelude.Eq, ReadPrec [CrlConfiguration] ReadPrec CrlConfiguration Int -> ReadS CrlConfiguration ReadS [CrlConfiguration] forall a. (Int -> ReadS a) -> ReadS [a] -> ReadPrec a -> ReadPrec [a] -> Read a readListPrec :: ReadPrec [CrlConfiguration] $creadListPrec :: ReadPrec [CrlConfiguration] readPrec :: ReadPrec CrlConfiguration $creadPrec :: ReadPrec CrlConfiguration readList :: ReadS [CrlConfiguration] $creadList :: ReadS [CrlConfiguration] readsPrec :: Int -> ReadS CrlConfiguration $creadsPrec :: Int -> ReadS CrlConfiguration Prelude.Read, Int -> CrlConfiguration -> ShowS [CrlConfiguration] -> ShowS CrlConfiguration -> String forall a. (Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a showList :: [CrlConfiguration] -> ShowS $cshowList :: [CrlConfiguration] -> ShowS show :: CrlConfiguration -> String $cshow :: CrlConfiguration -> String showsPrec :: Int -> CrlConfiguration -> ShowS $cshowsPrec :: Int -> CrlConfiguration -> ShowS Prelude.Show, forall x. Rep CrlConfiguration x -> CrlConfiguration forall x. CrlConfiguration -> Rep CrlConfiguration x forall a. (forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a $cto :: forall x. Rep CrlConfiguration x -> CrlConfiguration $cfrom :: forall x. CrlConfiguration -> Rep CrlConfiguration x Prelude.Generic) -- | -- Create a value of 'CrlConfiguration' with all optional fields omitted. -- -- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields. -- -- The following record fields are available, with the corresponding lenses provided -- for backwards compatibility: -- -- 'customCname', 'crlConfiguration_customCname' - Name inserted into the certificate __CRL Distribution Points__ extension -- that enables the use of an alias for the CRL distribution point. Use -- this value if you don\'t want the name of your S3 bucket to be public. -- -- The content of a Canonical Name (CNAME) record must conform to -- <https://www.ietf.org/rfc/rfc2396.txt RFC2396> restrictions on the use -- of special characters in URIs. Additionally, the value of the CNAME must -- not include a protocol prefix such as \"http:\/\/\" or \"https:\/\/\". -- -- 'expirationInDays', 'crlConfiguration_expirationInDays' - Validity period of the CRL in days. -- -- 's3BucketName', 'crlConfiguration_s3BucketName' - Name of the S3 bucket that contains the CRL. If you do not provide a -- value for the __CustomCname__ argument, the name of your S3 bucket is -- placed into the __CRL Distribution Points__ extension of the issued -- certificate. You can change the name of your bucket by calling the -- <https://docs.aws.amazon.com/privateca/latest/APIReference/API_UpdateCertificateAuthority.html UpdateCertificateAuthority> -- operation. You must specify a -- <https://docs.aws.amazon.com/privateca/latest/userguide/PcaCreateCa.html#s3-policies bucket policy> -- that allows Amazon Web Services Private CA to write the CRL to your -- bucket. -- -- The @S3BucketName@ parameter must conform to the -- <https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html S3 bucket naming rules>. -- -- 's3ObjectAcl', 'crlConfiguration_s3ObjectAcl' - Determines whether the CRL will be publicly readable or privately held -- in the CRL Amazon S3 bucket. If you choose PUBLIC_READ, the CRL will be -- accessible over the public internet. If you choose -- BUCKET_OWNER_FULL_CONTROL, only the owner of the CRL S3 bucket can -- access the CRL, and your PKI clients may need an alternative method of -- access. -- -- If no value is specified, the default is @PUBLIC_READ@. -- -- /Note:/ This default can cause CA creation to fail in some -- circumstances. If you have have enabled the Block Public Access (BPA) -- feature in your S3 account, then you must specify the value of this -- parameter as @BUCKET_OWNER_FULL_CONTROL@, and not doing so results in an -- error. If you have disabled BPA in S3, then you can specify either -- @BUCKET_OWNER_FULL_CONTROL@ or @PUBLIC_READ@ as the value. -- -- For more information, see -- <https://docs.aws.amazon.com/privateca/latest/userguide/PcaCreateCa.html#s3-bpa Blocking public access to the S3 bucket>. -- -- 'enabled', 'crlConfiguration_enabled' - Boolean value that specifies whether certificate revocation lists (CRLs) -- are enabled. You can use this value to enable certificate revocation for -- a new CA when you call the -- <https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html CreateCertificateAuthority> -- action or for an existing CA when you call the -- <https://docs.aws.amazon.com/privateca/latest/APIReference/API_UpdateCertificateAuthority.html UpdateCertificateAuthority> -- action. newCrlConfiguration :: -- | 'enabled' Prelude.Bool -> CrlConfiguration newCrlConfiguration :: Bool -> CrlConfiguration newCrlConfiguration Bool pEnabled_ = CrlConfiguration' { $sel:customCname:CrlConfiguration' :: Maybe Text customCname = forall a. Maybe a Prelude.Nothing, $sel:expirationInDays:CrlConfiguration' :: Maybe Natural expirationInDays = forall a. Maybe a Prelude.Nothing, $sel:s3BucketName:CrlConfiguration' :: Maybe Text s3BucketName = forall a. Maybe a Prelude.Nothing, $sel:s3ObjectAcl:CrlConfiguration' :: Maybe S3ObjectAcl s3ObjectAcl = forall a. Maybe a Prelude.Nothing, $sel:enabled:CrlConfiguration' :: Bool enabled = Bool pEnabled_ } -- | Name inserted into the certificate __CRL Distribution Points__ extension -- that enables the use of an alias for the CRL distribution point. Use -- this value if you don\'t want the name of your S3 bucket to be public. -- -- The content of a Canonical Name (CNAME) record must conform to -- <https://www.ietf.org/rfc/rfc2396.txt RFC2396> restrictions on the use -- of special characters in URIs. Additionally, the value of the CNAME must -- not include a protocol prefix such as \"http:\/\/\" or \"https:\/\/\". crlConfiguration_customCname :: Lens.Lens' CrlConfiguration (Prelude.Maybe Prelude.Text) crlConfiguration_customCname :: Lens' CrlConfiguration (Maybe Text) crlConfiguration_customCname = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b Lens.lens (\CrlConfiguration' {Maybe Text customCname :: Maybe Text $sel:customCname:CrlConfiguration' :: CrlConfiguration -> Maybe Text customCname} -> Maybe Text customCname) (\s :: CrlConfiguration s@CrlConfiguration' {} Maybe Text a -> CrlConfiguration s {$sel:customCname:CrlConfiguration' :: Maybe Text customCname = Maybe Text a} :: CrlConfiguration) -- | Validity period of the CRL in days. crlConfiguration_expirationInDays :: Lens.Lens' CrlConfiguration (Prelude.Maybe Prelude.Natural) crlConfiguration_expirationInDays :: Lens' CrlConfiguration (Maybe Natural) crlConfiguration_expirationInDays = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b Lens.lens (\CrlConfiguration' {Maybe Natural expirationInDays :: Maybe Natural $sel:expirationInDays:CrlConfiguration' :: CrlConfiguration -> Maybe Natural expirationInDays} -> Maybe Natural expirationInDays) (\s :: CrlConfiguration s@CrlConfiguration' {} Maybe Natural a -> CrlConfiguration s {$sel:expirationInDays:CrlConfiguration' :: Maybe Natural expirationInDays = Maybe Natural a} :: CrlConfiguration) -- | Name of the S3 bucket that contains the CRL. If you do not provide a -- value for the __CustomCname__ argument, the name of your S3 bucket is -- placed into the __CRL Distribution Points__ extension of the issued -- certificate. You can change the name of your bucket by calling the -- <https://docs.aws.amazon.com/privateca/latest/APIReference/API_UpdateCertificateAuthority.html UpdateCertificateAuthority> -- operation. You must specify a -- <https://docs.aws.amazon.com/privateca/latest/userguide/PcaCreateCa.html#s3-policies bucket policy> -- that allows Amazon Web Services Private CA to write the CRL to your -- bucket. -- -- The @S3BucketName@ parameter must conform to the -- <https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html S3 bucket naming rules>. crlConfiguration_s3BucketName :: Lens.Lens' CrlConfiguration (Prelude.Maybe Prelude.Text) crlConfiguration_s3BucketName :: Lens' CrlConfiguration (Maybe Text) crlConfiguration_s3BucketName = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b Lens.lens (\CrlConfiguration' {Maybe Text s3BucketName :: Maybe Text $sel:s3BucketName:CrlConfiguration' :: CrlConfiguration -> Maybe Text s3BucketName} -> Maybe Text s3BucketName) (\s :: CrlConfiguration s@CrlConfiguration' {} Maybe Text a -> CrlConfiguration s {$sel:s3BucketName:CrlConfiguration' :: Maybe Text s3BucketName = Maybe Text a} :: CrlConfiguration) -- | Determines whether the CRL will be publicly readable or privately held -- in the CRL Amazon S3 bucket. If you choose PUBLIC_READ, the CRL will be -- accessible over the public internet. If you choose -- BUCKET_OWNER_FULL_CONTROL, only the owner of the CRL S3 bucket can -- access the CRL, and your PKI clients may need an alternative method of -- access. -- -- If no value is specified, the default is @PUBLIC_READ@. -- -- /Note:/ This default can cause CA creation to fail in some -- circumstances. If you have have enabled the Block Public Access (BPA) -- feature in your S3 account, then you must specify the value of this -- parameter as @BUCKET_OWNER_FULL_CONTROL@, and not doing so results in an -- error. If you have disabled BPA in S3, then you can specify either -- @BUCKET_OWNER_FULL_CONTROL@ or @PUBLIC_READ@ as the value. -- -- For more information, see -- <https://docs.aws.amazon.com/privateca/latest/userguide/PcaCreateCa.html#s3-bpa Blocking public access to the S3 bucket>. crlConfiguration_s3ObjectAcl :: Lens.Lens' CrlConfiguration (Prelude.Maybe S3ObjectAcl) crlConfiguration_s3ObjectAcl :: Lens' CrlConfiguration (Maybe S3ObjectAcl) crlConfiguration_s3ObjectAcl = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b Lens.lens (\CrlConfiguration' {Maybe S3ObjectAcl s3ObjectAcl :: Maybe S3ObjectAcl $sel:s3ObjectAcl:CrlConfiguration' :: CrlConfiguration -> Maybe S3ObjectAcl s3ObjectAcl} -> Maybe S3ObjectAcl s3ObjectAcl) (\s :: CrlConfiguration s@CrlConfiguration' {} Maybe S3ObjectAcl a -> CrlConfiguration s {$sel:s3ObjectAcl:CrlConfiguration' :: Maybe S3ObjectAcl s3ObjectAcl = Maybe S3ObjectAcl a} :: CrlConfiguration) -- | Boolean value that specifies whether certificate revocation lists (CRLs) -- are enabled. You can use this value to enable certificate revocation for -- a new CA when you call the -- <https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html CreateCertificateAuthority> -- action or for an existing CA when you call the -- <https://docs.aws.amazon.com/privateca/latest/APIReference/API_UpdateCertificateAuthority.html UpdateCertificateAuthority> -- action. crlConfiguration_enabled :: Lens.Lens' CrlConfiguration Prelude.Bool crlConfiguration_enabled :: Lens' CrlConfiguration Bool crlConfiguration_enabled = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b Lens.lens (\CrlConfiguration' {Bool enabled :: Bool $sel:enabled:CrlConfiguration' :: CrlConfiguration -> Bool enabled} -> Bool enabled) (\s :: CrlConfiguration s@CrlConfiguration' {} Bool a -> CrlConfiguration s {$sel:enabled:CrlConfiguration' :: Bool enabled = Bool a} :: CrlConfiguration) instance Data.FromJSON CrlConfiguration where parseJSON :: Value -> Parser CrlConfiguration parseJSON = forall a. String -> (Object -> Parser a) -> Value -> Parser a Data.withObject String "CrlConfiguration" ( \Object x -> Maybe Text -> Maybe Natural -> Maybe Text -> Maybe S3ObjectAcl -> Bool -> CrlConfiguration CrlConfiguration' forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b Prelude.<$> (Object x forall a. FromJSON a => Object -> Key -> Parser (Maybe a) Data..:? Key "CustomCname") forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b Prelude.<*> (Object x forall a. FromJSON a => Object -> Key -> Parser (Maybe a) Data..:? Key "ExpirationInDays") forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b Prelude.<*> (Object x forall a. FromJSON a => Object -> Key -> Parser (Maybe a) Data..:? Key "S3BucketName") forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b Prelude.<*> (Object x forall a. FromJSON a => Object -> Key -> Parser (Maybe a) Data..:? Key "S3ObjectAcl") forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b Prelude.<*> (Object x forall a. FromJSON a => Object -> Key -> Parser a Data..: Key "Enabled") ) instance Prelude.Hashable CrlConfiguration where hashWithSalt :: Int -> CrlConfiguration -> Int hashWithSalt Int _salt CrlConfiguration' {Bool Maybe Natural Maybe Text Maybe S3ObjectAcl enabled :: Bool s3ObjectAcl :: Maybe S3ObjectAcl s3BucketName :: Maybe Text expirationInDays :: Maybe Natural customCname :: Maybe Text $sel:enabled:CrlConfiguration' :: CrlConfiguration -> Bool $sel:s3ObjectAcl:CrlConfiguration' :: CrlConfiguration -> Maybe S3ObjectAcl $sel:s3BucketName:CrlConfiguration' :: CrlConfiguration -> Maybe Text $sel:expirationInDays:CrlConfiguration' :: CrlConfiguration -> Maybe Natural $sel:customCname:CrlConfiguration' :: CrlConfiguration -> Maybe Text ..} = Int _salt forall a. Hashable a => Int -> a -> Int `Prelude.hashWithSalt` Maybe Text customCname forall a. Hashable a => Int -> a -> Int `Prelude.hashWithSalt` Maybe Natural expirationInDays forall a. Hashable a => Int -> a -> Int `Prelude.hashWithSalt` Maybe Text s3BucketName forall a. Hashable a => Int -> a -> Int `Prelude.hashWithSalt` Maybe S3ObjectAcl s3ObjectAcl forall a. Hashable a => Int -> a -> Int `Prelude.hashWithSalt` Bool enabled instance Prelude.NFData CrlConfiguration where rnf :: CrlConfiguration -> () rnf CrlConfiguration' {Bool Maybe Natural Maybe Text Maybe S3ObjectAcl enabled :: Bool s3ObjectAcl :: Maybe S3ObjectAcl s3BucketName :: Maybe Text expirationInDays :: Maybe Natural customCname :: Maybe Text $sel:enabled:CrlConfiguration' :: CrlConfiguration -> Bool $sel:s3ObjectAcl:CrlConfiguration' :: CrlConfiguration -> Maybe S3ObjectAcl $sel:s3BucketName:CrlConfiguration' :: CrlConfiguration -> Maybe Text $sel:expirationInDays:CrlConfiguration' :: CrlConfiguration -> Maybe Natural $sel:customCname:CrlConfiguration' :: CrlConfiguration -> Maybe Text ..} = forall a. NFData a => a -> () Prelude.rnf Maybe Text customCname seq :: forall a b. a -> b -> b `Prelude.seq` forall a. NFData a => a -> () Prelude.rnf Maybe Natural expirationInDays seq :: forall a b. a -> b -> b `Prelude.seq` forall a. NFData a => a -> () Prelude.rnf Maybe Text s3BucketName seq :: forall a b. a -> b -> b `Prelude.seq` forall a. NFData a => a -> () Prelude.rnf Maybe S3ObjectAcl s3ObjectAcl seq :: forall a b. a -> b -> b `Prelude.seq` forall a. NFData a => a -> () Prelude.rnf Bool enabled instance Data.ToJSON CrlConfiguration where toJSON :: CrlConfiguration -> Value toJSON CrlConfiguration' {Bool Maybe Natural Maybe Text Maybe S3ObjectAcl enabled :: Bool s3ObjectAcl :: Maybe S3ObjectAcl s3BucketName :: Maybe Text expirationInDays :: Maybe Natural customCname :: Maybe Text $sel:enabled:CrlConfiguration' :: CrlConfiguration -> Bool $sel:s3ObjectAcl:CrlConfiguration' :: CrlConfiguration -> Maybe S3ObjectAcl $sel:s3BucketName:CrlConfiguration' :: CrlConfiguration -> Maybe Text $sel:expirationInDays:CrlConfiguration' :: CrlConfiguration -> Maybe Natural $sel:customCname:CrlConfiguration' :: CrlConfiguration -> Maybe Text ..} = [Pair] -> Value Data.object ( forall a. [Maybe a] -> [a] Prelude.catMaybes [ (Key "CustomCname" forall kv v. (KeyValue kv, ToJSON v) => Key -> v -> kv Data..=) forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b Prelude.<$> Maybe Text customCname, (Key "ExpirationInDays" forall kv v. (KeyValue kv, ToJSON v) => Key -> v -> kv Data..=) forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b Prelude.<$> Maybe Natural expirationInDays, (Key "S3BucketName" forall kv v. (KeyValue kv, ToJSON v) => Key -> v -> kv Data..=) forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b Prelude.<$> Maybe Text s3BucketName, (Key "S3ObjectAcl" forall kv v. (KeyValue kv, ToJSON v) => Key -> v -> kv Data..=) forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b Prelude.<$> Maybe S3ObjectAcl s3ObjectAcl, forall a. a -> Maybe a Prelude.Just (Key "Enabled" forall kv v. (KeyValue kv, ToJSON v) => Key -> v -> kv Data..= Bool enabled) ] )