{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.Glue.Types.ConnectionPasswordEncryption
-- Copyright   : (c) 2013-2023 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
module Amazonka.Glue.Types.ConnectionPasswordEncryption where

import qualified Amazonka.Core as Core
import qualified Amazonka.Core.Lens.Internal as Lens
import qualified Amazonka.Data as Data
import qualified Amazonka.Prelude as Prelude

-- | The data structure used by the Data Catalog to encrypt the password as
-- part of @CreateConnection@ or @UpdateConnection@ and store it in the
-- @ENCRYPTED_PASSWORD@ field in the connection properties. You can enable
-- catalog encryption or only password encryption.
--
-- When a @CreationConnection@ request arrives containing a password, the
-- Data Catalog first encrypts the password using your KMS key. It then
-- encrypts the whole connection object again if catalog encryption is also
-- enabled.
--
-- This encryption requires that you set KMS key permissions to enable or
-- restrict access on the password key according to your security
-- requirements. For example, you might want only administrators to have
-- decrypt permission on the password key.
--
-- /See:/ 'newConnectionPasswordEncryption' smart constructor.
data ConnectionPasswordEncryption = ConnectionPasswordEncryption'
  { -- | An KMS key that is used to encrypt the connection password.
    --
    -- If connection password protection is enabled, the caller of
    -- @CreateConnection@ and @UpdateConnection@ needs at least @kms:Encrypt@
    -- permission on the specified KMS key, to encrypt passwords before storing
    -- them in the Data Catalog.
    --
    -- You can set the decrypt permission to enable or restrict access on the
    -- password key according to your security requirements.
    ConnectionPasswordEncryption -> Maybe Text
awsKmsKeyId :: Prelude.Maybe Prelude.Text,
    -- | When the @ReturnConnectionPasswordEncrypted@ flag is set to \"true\",
    -- passwords remain encrypted in the responses of @GetConnection@ and
    -- @GetConnections@. This encryption takes effect independently from
    -- catalog encryption.
    ConnectionPasswordEncryption -> Bool
returnConnectionPasswordEncrypted :: Prelude.Bool
  }
  deriving (ConnectionPasswordEncryption
-> ConnectionPasswordEncryption -> Bool
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: ConnectionPasswordEncryption
-> ConnectionPasswordEncryption -> Bool
$c/= :: ConnectionPasswordEncryption
-> ConnectionPasswordEncryption -> Bool
== :: ConnectionPasswordEncryption
-> ConnectionPasswordEncryption -> Bool
$c== :: ConnectionPasswordEncryption
-> ConnectionPasswordEncryption -> Bool
Prelude.Eq, ReadPrec [ConnectionPasswordEncryption]
ReadPrec ConnectionPasswordEncryption
Int -> ReadS ConnectionPasswordEncryption
ReadS [ConnectionPasswordEncryption]
forall a.
(Int -> ReadS a)
-> ReadS [a] -> ReadPrec a -> ReadPrec [a] -> Read a
readListPrec :: ReadPrec [ConnectionPasswordEncryption]
$creadListPrec :: ReadPrec [ConnectionPasswordEncryption]
readPrec :: ReadPrec ConnectionPasswordEncryption
$creadPrec :: ReadPrec ConnectionPasswordEncryption
readList :: ReadS [ConnectionPasswordEncryption]
$creadList :: ReadS [ConnectionPasswordEncryption]
readsPrec :: Int -> ReadS ConnectionPasswordEncryption
$creadsPrec :: Int -> ReadS ConnectionPasswordEncryption
Prelude.Read, Int -> ConnectionPasswordEncryption -> ShowS
[ConnectionPasswordEncryption] -> ShowS
ConnectionPasswordEncryption -> String
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [ConnectionPasswordEncryption] -> ShowS
$cshowList :: [ConnectionPasswordEncryption] -> ShowS
show :: ConnectionPasswordEncryption -> String
$cshow :: ConnectionPasswordEncryption -> String
showsPrec :: Int -> ConnectionPasswordEncryption -> ShowS
$cshowsPrec :: Int -> ConnectionPasswordEncryption -> ShowS
Prelude.Show, forall x.
Rep ConnectionPasswordEncryption x -> ConnectionPasswordEncryption
forall x.
ConnectionPasswordEncryption -> Rep ConnectionPasswordEncryption x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x.
Rep ConnectionPasswordEncryption x -> ConnectionPasswordEncryption
$cfrom :: forall x.
ConnectionPasswordEncryption -> Rep ConnectionPasswordEncryption x
Prelude.Generic)

-- |
-- Create a value of 'ConnectionPasswordEncryption' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'awsKmsKeyId', 'connectionPasswordEncryption_awsKmsKeyId' - An KMS key that is used to encrypt the connection password.
--
-- If connection password protection is enabled, the caller of
-- @CreateConnection@ and @UpdateConnection@ needs at least @kms:Encrypt@
-- permission on the specified KMS key, to encrypt passwords before storing
-- them in the Data Catalog.
--
-- You can set the decrypt permission to enable or restrict access on the
-- password key according to your security requirements.
--
-- 'returnConnectionPasswordEncrypted', 'connectionPasswordEncryption_returnConnectionPasswordEncrypted' - When the @ReturnConnectionPasswordEncrypted@ flag is set to \"true\",
-- passwords remain encrypted in the responses of @GetConnection@ and
-- @GetConnections@. This encryption takes effect independently from
-- catalog encryption.
newConnectionPasswordEncryption ::
  -- | 'returnConnectionPasswordEncrypted'
  Prelude.Bool ->
  ConnectionPasswordEncryption
newConnectionPasswordEncryption :: Bool -> ConnectionPasswordEncryption
newConnectionPasswordEncryption
  Bool
pReturnConnectionPasswordEncrypted_ =
    ConnectionPasswordEncryption'
      { $sel:awsKmsKeyId:ConnectionPasswordEncryption' :: Maybe Text
awsKmsKeyId =
          forall a. Maybe a
Prelude.Nothing,
        $sel:returnConnectionPasswordEncrypted:ConnectionPasswordEncryption' :: Bool
returnConnectionPasswordEncrypted =
          Bool
pReturnConnectionPasswordEncrypted_
      }

-- | An KMS key that is used to encrypt the connection password.
--
-- If connection password protection is enabled, the caller of
-- @CreateConnection@ and @UpdateConnection@ needs at least @kms:Encrypt@
-- permission on the specified KMS key, to encrypt passwords before storing
-- them in the Data Catalog.
--
-- You can set the decrypt permission to enable or restrict access on the
-- password key according to your security requirements.
connectionPasswordEncryption_awsKmsKeyId :: Lens.Lens' ConnectionPasswordEncryption (Prelude.Maybe Prelude.Text)
connectionPasswordEncryption_awsKmsKeyId :: Lens' ConnectionPasswordEncryption (Maybe Text)
connectionPasswordEncryption_awsKmsKeyId = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\ConnectionPasswordEncryption' {Maybe Text
awsKmsKeyId :: Maybe Text
$sel:awsKmsKeyId:ConnectionPasswordEncryption' :: ConnectionPasswordEncryption -> Maybe Text
awsKmsKeyId} -> Maybe Text
awsKmsKeyId) (\s :: ConnectionPasswordEncryption
s@ConnectionPasswordEncryption' {} Maybe Text
a -> ConnectionPasswordEncryption
s {$sel:awsKmsKeyId:ConnectionPasswordEncryption' :: Maybe Text
awsKmsKeyId = Maybe Text
a} :: ConnectionPasswordEncryption)

-- | When the @ReturnConnectionPasswordEncrypted@ flag is set to \"true\",
-- passwords remain encrypted in the responses of @GetConnection@ and
-- @GetConnections@. This encryption takes effect independently from
-- catalog encryption.
connectionPasswordEncryption_returnConnectionPasswordEncrypted :: Lens.Lens' ConnectionPasswordEncryption Prelude.Bool
connectionPasswordEncryption_returnConnectionPasswordEncrypted :: Lens' ConnectionPasswordEncryption Bool
connectionPasswordEncryption_returnConnectionPasswordEncrypted = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\ConnectionPasswordEncryption' {Bool
returnConnectionPasswordEncrypted :: Bool
$sel:returnConnectionPasswordEncrypted:ConnectionPasswordEncryption' :: ConnectionPasswordEncryption -> Bool
returnConnectionPasswordEncrypted} -> Bool
returnConnectionPasswordEncrypted) (\s :: ConnectionPasswordEncryption
s@ConnectionPasswordEncryption' {} Bool
a -> ConnectionPasswordEncryption
s {$sel:returnConnectionPasswordEncrypted:ConnectionPasswordEncryption' :: Bool
returnConnectionPasswordEncrypted = Bool
a} :: ConnectionPasswordEncryption)

instance Data.FromJSON ConnectionPasswordEncryption where
  parseJSON :: Value -> Parser ConnectionPasswordEncryption
parseJSON =
    forall a. String -> (Object -> Parser a) -> Value -> Parser a
Data.withObject
      String
"ConnectionPasswordEncryption"
      ( \Object
x ->
          Maybe Text -> Bool -> ConnectionPasswordEncryption
ConnectionPasswordEncryption'
            forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> (Object
x forall a. FromJSON a => Object -> Key -> Parser (Maybe a)
Data..:? Key
"AwsKmsKeyId")
            forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x forall a. FromJSON a => Object -> Key -> Parser a
Data..: Key
"ReturnConnectionPasswordEncrypted")
      )

instance
  Prelude.Hashable
    ConnectionPasswordEncryption
  where
  hashWithSalt :: Int -> ConnectionPasswordEncryption -> Int
hashWithSalt Int
_salt ConnectionPasswordEncryption' {Bool
Maybe Text
returnConnectionPasswordEncrypted :: Bool
awsKmsKeyId :: Maybe Text
$sel:returnConnectionPasswordEncrypted:ConnectionPasswordEncryption' :: ConnectionPasswordEncryption -> Bool
$sel:awsKmsKeyId:ConnectionPasswordEncryption' :: ConnectionPasswordEncryption -> Maybe Text
..} =
    Int
_salt
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Maybe Text
awsKmsKeyId
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Bool
returnConnectionPasswordEncrypted

instance Prelude.NFData ConnectionPasswordEncryption where
  rnf :: ConnectionPasswordEncryption -> ()
rnf ConnectionPasswordEncryption' {Bool
Maybe Text
returnConnectionPasswordEncrypted :: Bool
awsKmsKeyId :: Maybe Text
$sel:returnConnectionPasswordEncrypted:ConnectionPasswordEncryption' :: ConnectionPasswordEncryption -> Bool
$sel:awsKmsKeyId:ConnectionPasswordEncryption' :: ConnectionPasswordEncryption -> Maybe Text
..} =
    forall a. NFData a => a -> ()
Prelude.rnf Maybe Text
awsKmsKeyId
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf Bool
returnConnectionPasswordEncrypted

instance Data.ToJSON ConnectionPasswordEncryption where
  toJSON :: ConnectionPasswordEncryption -> Value
toJSON ConnectionPasswordEncryption' {Bool
Maybe Text
returnConnectionPasswordEncrypted :: Bool
awsKmsKeyId :: Maybe Text
$sel:returnConnectionPasswordEncrypted:ConnectionPasswordEncryption' :: ConnectionPasswordEncryption -> Bool
$sel:awsKmsKeyId:ConnectionPasswordEncryption' :: ConnectionPasswordEncryption -> Maybe Text
..} =
    [Pair] -> Value
Data.object
      ( forall a. [Maybe a] -> [a]
Prelude.catMaybes
          [ (Key
"AwsKmsKeyId" forall kv v. (KeyValue kv, ToJSON v) => Key -> v -> kv
Data..=) forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe Text
awsKmsKeyId,
            forall a. a -> Maybe a
Prelude.Just
              ( Key
"ReturnConnectionPasswordEncrypted"
                  forall kv v. (KeyValue kv, ToJSON v) => Key -> v -> kv
Data..= Bool
returnConnectionPasswordEncrypted
              )
          ]
      )