{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE TypeFamilies #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-binds #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.SecretsManager.UpdateSecret
-- Copyright   : (c) 2013-2023 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
--
-- Modifies the details of a secret, including metadata and the secret
-- value. To change the secret value, you can also use PutSecretValue.
--
-- To change the rotation configuration of a secret, use RotateSecret
-- instead.
--
-- We recommend you avoid calling @UpdateSecret@ at a sustained rate of
-- more than once every 10 minutes. When you call @UpdateSecret@ to update
-- the secret value, Secrets Manager creates a new version of the secret.
-- Secrets Manager removes outdated versions when there are more than 100,
-- but it does not remove versions created less than 24 hours ago. If you
-- update the secret value more than once every 10 minutes, you create more
-- versions than Secrets Manager removes, and you will reach the quota for
-- secret versions.
--
-- If you include @SecretString@ or @SecretBinary@ to create a new secret
-- version, Secrets Manager automatically moves the staging label
-- @AWSCURRENT@ to the new version. Then it attaches the label
-- @AWSPREVIOUS@ to the version that @AWSCURRENT@ was removed from.
--
-- If you call this operation with a @ClientRequestToken@ that matches an
-- existing version\'s @VersionId@, the operation results in an error. You
-- can\'t modify an existing version, you can only create a new version. To
-- remove a version, remove all staging labels from it. See
-- UpdateSecretVersionStage.
--
-- Secrets Manager generates a CloudTrail log entry when you call this
-- action. Do not include sensitive information in request parameters
-- except @SecretBinary@ or @SecretString@ because it might be logged. For
-- more information, see
-- <https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html Logging Secrets Manager events with CloudTrail>.
--
-- __Required permissions:__ @secretsmanager:UpdateSecret@. For more
-- information, see
-- <https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions IAM policy actions for Secrets Manager>
-- and
-- <https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html Authentication and access control in Secrets Manager>.
-- If you use a customer managed key, you must also have
-- @kms:GenerateDataKey@ and @kms:Decrypt@ permissions on the key. For more
-- information, see
-- <https://docs.aws.amazon.com/secretsmanager/latest/userguide/security-encryption.html Secret encryption and decryption>.
module Amazonka.SecretsManager.UpdateSecret
  ( -- * Creating a Request
    UpdateSecret (..),
    newUpdateSecret,

    -- * Request Lenses
    updateSecret_clientRequestToken,
    updateSecret_description,
    updateSecret_kmsKeyId,
    updateSecret_secretBinary,
    updateSecret_secretString,
    updateSecret_secretId,

    -- * Destructuring the Response
    UpdateSecretResponse (..),
    newUpdateSecretResponse,

    -- * Response Lenses
    updateSecretResponse_arn,
    updateSecretResponse_name,
    updateSecretResponse_versionId,
    updateSecretResponse_httpStatus,
  )
where

import qualified Amazonka.Core as Core
import qualified Amazonka.Core.Lens.Internal as Lens
import qualified Amazonka.Data as Data
import qualified Amazonka.Prelude as Prelude
import qualified Amazonka.Request as Request
import qualified Amazonka.Response as Response
import Amazonka.SecretsManager.Types

-- | /See:/ 'newUpdateSecret' smart constructor.
data UpdateSecret = UpdateSecret'
  { -- | If you include @SecretString@ or @SecretBinary@, then Secrets Manager
    -- creates a new version for the secret, and this parameter specifies the
    -- unique identifier for the new version.
    --
    -- If you use the Amazon Web Services CLI or one of the Amazon Web Services
    -- SDKs to call this operation, then you can leave this parameter empty.
    -- The CLI or SDK generates a random UUID for you and includes it as the
    -- value for this parameter in the request. If you don\'t use the SDK and
    -- instead generate a raw HTTP request to the Secrets Manager service
    -- endpoint, then you must generate a @ClientRequestToken@ yourself for the
    -- new version and include the value in the request.
    --
    -- This value becomes the @VersionId@ of the new version.
    UpdateSecret -> Maybe Text
clientRequestToken :: Prelude.Maybe Prelude.Text,
    -- | The description of the secret.
    UpdateSecret -> Maybe Text
description :: Prelude.Maybe Prelude.Text,
    -- | The ARN, key ID, or alias of the KMS key that Secrets Manager uses to
    -- encrypt new secret versions as well as any existing versions with the
    -- staging labels @AWSCURRENT@, @AWSPENDING@, or @AWSPREVIOUS@. For more
    -- information about versions and staging labels, see
    -- <https://docs.aws.amazon.com/secretsmanager/latest/userguide/getting-started.html#term_version Concepts: Version>.
    --
    -- A key alias is always prefixed by @alias\/@, for example
    -- @alias\/aws\/secretsmanager@. For more information, see
    -- <https://docs.aws.amazon.com/kms/latest/developerguide/alias-about.html About aliases>.
    --
    -- If you set this to an empty string, Secrets Manager uses the Amazon Web
    -- Services managed key @aws\/secretsmanager@. If this key doesn\'t already
    -- exist in your account, then Secrets Manager creates it for you
    -- automatically. All users and roles in the Amazon Web Services account
    -- automatically have access to use @aws\/secretsmanager@. Creating
    -- @aws\/secretsmanager@ can result in a one-time significant delay in
    -- returning the result.
    --
    -- You can only use the Amazon Web Services managed key
    -- @aws\/secretsmanager@ if you call this operation using credentials from
    -- the same Amazon Web Services account that owns the secret. If the secret
    -- is in a different account, then you must use a customer managed key and
    -- provide the ARN of that KMS key in this field. The user making the call
    -- must have permissions to both the secret and the KMS key in their
    -- respective accounts.
    UpdateSecret -> Maybe Text
kmsKeyId :: Prelude.Maybe Prelude.Text,
    -- | The binary data to encrypt and store in the new version of the secret.
    -- We recommend that you store your binary data in a file and then pass the
    -- contents of the file as a parameter.
    --
    -- Either @SecretBinary@ or @SecretString@ must have a value, but not both.
    --
    -- You can\'t access this parameter in the Secrets Manager console.
    UpdateSecret -> Maybe (Sensitive Base64)
secretBinary :: Prelude.Maybe (Data.Sensitive Data.Base64),
    -- | The text data to encrypt and store in the new version of the secret. We
    -- recommend you use a JSON structure of key\/value pairs for your secret
    -- value.
    --
    -- Either @SecretBinary@ or @SecretString@ must have a value, but not both.
    UpdateSecret -> Maybe (Sensitive Text)
secretString :: Prelude.Maybe (Data.Sensitive Prelude.Text),
    -- | The ARN or name of the secret.
    --
    -- For an ARN, we recommend that you specify a complete ARN rather than a
    -- partial ARN. See
    -- <https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot.html#ARN_secretnamehyphen Finding a secret from a partial ARN>.
    UpdateSecret -> Text
secretId :: Prelude.Text
  }
  deriving (UpdateSecret -> UpdateSecret -> Bool
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: UpdateSecret -> UpdateSecret -> Bool
$c/= :: UpdateSecret -> UpdateSecret -> Bool
== :: UpdateSecret -> UpdateSecret -> Bool
$c== :: UpdateSecret -> UpdateSecret -> Bool
Prelude.Eq, Int -> UpdateSecret -> ShowS
[UpdateSecret] -> ShowS
UpdateSecret -> String
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [UpdateSecret] -> ShowS
$cshowList :: [UpdateSecret] -> ShowS
show :: UpdateSecret -> String
$cshow :: UpdateSecret -> String
showsPrec :: Int -> UpdateSecret -> ShowS
$cshowsPrec :: Int -> UpdateSecret -> ShowS
Prelude.Show, forall x. Rep UpdateSecret x -> UpdateSecret
forall x. UpdateSecret -> Rep UpdateSecret x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x. Rep UpdateSecret x -> UpdateSecret
$cfrom :: forall x. UpdateSecret -> Rep UpdateSecret x
Prelude.Generic)

-- |
-- Create a value of 'UpdateSecret' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'clientRequestToken', 'updateSecret_clientRequestToken' - If you include @SecretString@ or @SecretBinary@, then Secrets Manager
-- creates a new version for the secret, and this parameter specifies the
-- unique identifier for the new version.
--
-- If you use the Amazon Web Services CLI or one of the Amazon Web Services
-- SDKs to call this operation, then you can leave this parameter empty.
-- The CLI or SDK generates a random UUID for you and includes it as the
-- value for this parameter in the request. If you don\'t use the SDK and
-- instead generate a raw HTTP request to the Secrets Manager service
-- endpoint, then you must generate a @ClientRequestToken@ yourself for the
-- new version and include the value in the request.
--
-- This value becomes the @VersionId@ of the new version.
--
-- 'description', 'updateSecret_description' - The description of the secret.
--
-- 'kmsKeyId', 'updateSecret_kmsKeyId' - The ARN, key ID, or alias of the KMS key that Secrets Manager uses to
-- encrypt new secret versions as well as any existing versions with the
-- staging labels @AWSCURRENT@, @AWSPENDING@, or @AWSPREVIOUS@. For more
-- information about versions and staging labels, see
-- <https://docs.aws.amazon.com/secretsmanager/latest/userguide/getting-started.html#term_version Concepts: Version>.
--
-- A key alias is always prefixed by @alias\/@, for example
-- @alias\/aws\/secretsmanager@. For more information, see
-- <https://docs.aws.amazon.com/kms/latest/developerguide/alias-about.html About aliases>.
--
-- If you set this to an empty string, Secrets Manager uses the Amazon Web
-- Services managed key @aws\/secretsmanager@. If this key doesn\'t already
-- exist in your account, then Secrets Manager creates it for you
-- automatically. All users and roles in the Amazon Web Services account
-- automatically have access to use @aws\/secretsmanager@. Creating
-- @aws\/secretsmanager@ can result in a one-time significant delay in
-- returning the result.
--
-- You can only use the Amazon Web Services managed key
-- @aws\/secretsmanager@ if you call this operation using credentials from
-- the same Amazon Web Services account that owns the secret. If the secret
-- is in a different account, then you must use a customer managed key and
-- provide the ARN of that KMS key in this field. The user making the call
-- must have permissions to both the secret and the KMS key in their
-- respective accounts.
--
-- 'secretBinary', 'updateSecret_secretBinary' - The binary data to encrypt and store in the new version of the secret.
-- We recommend that you store your binary data in a file and then pass the
-- contents of the file as a parameter.
--
-- Either @SecretBinary@ or @SecretString@ must have a value, but not both.
--
-- You can\'t access this parameter in the Secrets Manager console.--
-- -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data.
-- -- The underlying isomorphism will encode to Base64 representation during
-- -- serialisation, and decode from Base64 representation during deserialisation.
-- -- This 'Lens' accepts and returns only raw unencoded data.
--
-- 'secretString', 'updateSecret_secretString' - The text data to encrypt and store in the new version of the secret. We
-- recommend you use a JSON structure of key\/value pairs for your secret
-- value.
--
-- Either @SecretBinary@ or @SecretString@ must have a value, but not both.
--
-- 'secretId', 'updateSecret_secretId' - The ARN or name of the secret.
--
-- For an ARN, we recommend that you specify a complete ARN rather than a
-- partial ARN. See
-- <https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot.html#ARN_secretnamehyphen Finding a secret from a partial ARN>.
newUpdateSecret ::
  -- | 'secretId'
  Prelude.Text ->
  UpdateSecret
newUpdateSecret :: Text -> UpdateSecret
newUpdateSecret Text
pSecretId_ =
  UpdateSecret'
    { $sel:clientRequestToken:UpdateSecret' :: Maybe Text
clientRequestToken = forall a. Maybe a
Prelude.Nothing,
      $sel:description:UpdateSecret' :: Maybe Text
description = forall a. Maybe a
Prelude.Nothing,
      $sel:kmsKeyId:UpdateSecret' :: Maybe Text
kmsKeyId = forall a. Maybe a
Prelude.Nothing,
      $sel:secretBinary:UpdateSecret' :: Maybe (Sensitive Base64)
secretBinary = forall a. Maybe a
Prelude.Nothing,
      $sel:secretString:UpdateSecret' :: Maybe (Sensitive Text)
secretString = forall a. Maybe a
Prelude.Nothing,
      $sel:secretId:UpdateSecret' :: Text
secretId = Text
pSecretId_
    }

-- | If you include @SecretString@ or @SecretBinary@, then Secrets Manager
-- creates a new version for the secret, and this parameter specifies the
-- unique identifier for the new version.
--
-- If you use the Amazon Web Services CLI or one of the Amazon Web Services
-- SDKs to call this operation, then you can leave this parameter empty.
-- The CLI or SDK generates a random UUID for you and includes it as the
-- value for this parameter in the request. If you don\'t use the SDK and
-- instead generate a raw HTTP request to the Secrets Manager service
-- endpoint, then you must generate a @ClientRequestToken@ yourself for the
-- new version and include the value in the request.
--
-- This value becomes the @VersionId@ of the new version.
updateSecret_clientRequestToken :: Lens.Lens' UpdateSecret (Prelude.Maybe Prelude.Text)
updateSecret_clientRequestToken :: Lens' UpdateSecret (Maybe Text)
updateSecret_clientRequestToken = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\UpdateSecret' {Maybe Text
clientRequestToken :: Maybe Text
$sel:clientRequestToken:UpdateSecret' :: UpdateSecret -> Maybe Text
clientRequestToken} -> Maybe Text
clientRequestToken) (\s :: UpdateSecret
s@UpdateSecret' {} Maybe Text
a -> UpdateSecret
s {$sel:clientRequestToken:UpdateSecret' :: Maybe Text
clientRequestToken = Maybe Text
a} :: UpdateSecret)

-- | The description of the secret.
updateSecret_description :: Lens.Lens' UpdateSecret (Prelude.Maybe Prelude.Text)
updateSecret_description :: Lens' UpdateSecret (Maybe Text)
updateSecret_description = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\UpdateSecret' {Maybe Text
description :: Maybe Text
$sel:description:UpdateSecret' :: UpdateSecret -> Maybe Text
description} -> Maybe Text
description) (\s :: UpdateSecret
s@UpdateSecret' {} Maybe Text
a -> UpdateSecret
s {$sel:description:UpdateSecret' :: Maybe Text
description = Maybe Text
a} :: UpdateSecret)

-- | The ARN, key ID, or alias of the KMS key that Secrets Manager uses to
-- encrypt new secret versions as well as any existing versions with the
-- staging labels @AWSCURRENT@, @AWSPENDING@, or @AWSPREVIOUS@. For more
-- information about versions and staging labels, see
-- <https://docs.aws.amazon.com/secretsmanager/latest/userguide/getting-started.html#term_version Concepts: Version>.
--
-- A key alias is always prefixed by @alias\/@, for example
-- @alias\/aws\/secretsmanager@. For more information, see
-- <https://docs.aws.amazon.com/kms/latest/developerguide/alias-about.html About aliases>.
--
-- If you set this to an empty string, Secrets Manager uses the Amazon Web
-- Services managed key @aws\/secretsmanager@. If this key doesn\'t already
-- exist in your account, then Secrets Manager creates it for you
-- automatically. All users and roles in the Amazon Web Services account
-- automatically have access to use @aws\/secretsmanager@. Creating
-- @aws\/secretsmanager@ can result in a one-time significant delay in
-- returning the result.
--
-- You can only use the Amazon Web Services managed key
-- @aws\/secretsmanager@ if you call this operation using credentials from
-- the same Amazon Web Services account that owns the secret. If the secret
-- is in a different account, then you must use a customer managed key and
-- provide the ARN of that KMS key in this field. The user making the call
-- must have permissions to both the secret and the KMS key in their
-- respective accounts.
updateSecret_kmsKeyId :: Lens.Lens' UpdateSecret (Prelude.Maybe Prelude.Text)
updateSecret_kmsKeyId :: Lens' UpdateSecret (Maybe Text)
updateSecret_kmsKeyId = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\UpdateSecret' {Maybe Text
kmsKeyId :: Maybe Text
$sel:kmsKeyId:UpdateSecret' :: UpdateSecret -> Maybe Text
kmsKeyId} -> Maybe Text
kmsKeyId) (\s :: UpdateSecret
s@UpdateSecret' {} Maybe Text
a -> UpdateSecret
s {$sel:kmsKeyId:UpdateSecret' :: Maybe Text
kmsKeyId = Maybe Text
a} :: UpdateSecret)

-- | The binary data to encrypt and store in the new version of the secret.
-- We recommend that you store your binary data in a file and then pass the
-- contents of the file as a parameter.
--
-- Either @SecretBinary@ or @SecretString@ must have a value, but not both.
--
-- You can\'t access this parameter in the Secrets Manager console.--
-- -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data.
-- -- The underlying isomorphism will encode to Base64 representation during
-- -- serialisation, and decode from Base64 representation during deserialisation.
-- -- This 'Lens' accepts and returns only raw unencoded data.
updateSecret_secretBinary :: Lens.Lens' UpdateSecret (Prelude.Maybe Prelude.ByteString)
updateSecret_secretBinary :: Lens' UpdateSecret (Maybe ByteString)
updateSecret_secretBinary = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\UpdateSecret' {Maybe (Sensitive Base64)
secretBinary :: Maybe (Sensitive Base64)
$sel:secretBinary:UpdateSecret' :: UpdateSecret -> Maybe (Sensitive Base64)
secretBinary} -> Maybe (Sensitive Base64)
secretBinary) (\s :: UpdateSecret
s@UpdateSecret' {} Maybe (Sensitive Base64)
a -> UpdateSecret
s {$sel:secretBinary:UpdateSecret' :: Maybe (Sensitive Base64)
secretBinary = Maybe (Sensitive Base64)
a} :: UpdateSecret) forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. forall (f :: * -> *) (g :: * -> *) s t a b.
(Functor f, Functor g) =>
AnIso s t a b -> Iso (f s) (g t) (f a) (g b)
Lens.mapping (forall a. Iso' (Sensitive a) a
Data._Sensitive forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. Iso' Base64 ByteString
Data._Base64)

-- | The text data to encrypt and store in the new version of the secret. We
-- recommend you use a JSON structure of key\/value pairs for your secret
-- value.
--
-- Either @SecretBinary@ or @SecretString@ must have a value, but not both.
updateSecret_secretString :: Lens.Lens' UpdateSecret (Prelude.Maybe Prelude.Text)
updateSecret_secretString :: Lens' UpdateSecret (Maybe Text)
updateSecret_secretString = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\UpdateSecret' {Maybe (Sensitive Text)
secretString :: Maybe (Sensitive Text)
$sel:secretString:UpdateSecret' :: UpdateSecret -> Maybe (Sensitive Text)
secretString} -> Maybe (Sensitive Text)
secretString) (\s :: UpdateSecret
s@UpdateSecret' {} Maybe (Sensitive Text)
a -> UpdateSecret
s {$sel:secretString:UpdateSecret' :: Maybe (Sensitive Text)
secretString = Maybe (Sensitive Text)
a} :: UpdateSecret) forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. forall (f :: * -> *) (g :: * -> *) s t a b.
(Functor f, Functor g) =>
AnIso s t a b -> Iso (f s) (g t) (f a) (g b)
Lens.mapping forall a. Iso' (Sensitive a) a
Data._Sensitive

-- | The ARN or name of the secret.
--
-- For an ARN, we recommend that you specify a complete ARN rather than a
-- partial ARN. See
-- <https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot.html#ARN_secretnamehyphen Finding a secret from a partial ARN>.
updateSecret_secretId :: Lens.Lens' UpdateSecret Prelude.Text
updateSecret_secretId :: Lens' UpdateSecret Text
updateSecret_secretId = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\UpdateSecret' {Text
secretId :: Text
$sel:secretId:UpdateSecret' :: UpdateSecret -> Text
secretId} -> Text
secretId) (\s :: UpdateSecret
s@UpdateSecret' {} Text
a -> UpdateSecret
s {$sel:secretId:UpdateSecret' :: Text
secretId = Text
a} :: UpdateSecret)

instance Core.AWSRequest UpdateSecret where
  type AWSResponse UpdateSecret = UpdateSecretResponse
  request :: (Service -> Service) -> UpdateSecret -> Request UpdateSecret
request Service -> Service
overrides =
    forall a. (ToRequest a, ToJSON a) => Service -> a -> Request a
Request.postJSON (Service -> Service
overrides Service
defaultService)
  response :: forall (m :: * -> *).
MonadResource m =>
(ByteStringLazy -> IO ByteStringLazy)
-> Service
-> Proxy UpdateSecret
-> ClientResponse ClientBody
-> m (Either Error (ClientResponse (AWSResponse UpdateSecret)))
response =
    forall (m :: * -> *) a.
MonadResource m =>
(Int -> ResponseHeaders -> Object -> Either String (AWSResponse a))
-> (ByteStringLazy -> IO ByteStringLazy)
-> Service
-> Proxy a
-> ClientResponse ClientBody
-> m (Either Error (ClientResponse (AWSResponse a)))
Response.receiveJSON
      ( \Int
s ResponseHeaders
h Object
x ->
          Maybe Text
-> Maybe Text -> Maybe Text -> Int -> UpdateSecretResponse
UpdateSecretResponse'
            forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> (Object
x forall a. FromJSON a => Object -> Key -> Either String (Maybe a)
Data..?> Key
"ARN")
            forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x forall a. FromJSON a => Object -> Key -> Either String (Maybe a)
Data..?> Key
"Name")
            forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x forall a. FromJSON a => Object -> Key -> Either String (Maybe a)
Data..?> Key
"VersionId")
            forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (forall (f :: * -> *) a. Applicative f => a -> f a
Prelude.pure (forall a. Enum a => a -> Int
Prelude.fromEnum Int
s))
      )

instance Prelude.Hashable UpdateSecret where
  hashWithSalt :: Int -> UpdateSecret -> Int
hashWithSalt Int
_salt UpdateSecret' {Maybe Text
Maybe (Sensitive Text)
Maybe (Sensitive Base64)
Text
secretId :: Text
secretString :: Maybe (Sensitive Text)
secretBinary :: Maybe (Sensitive Base64)
kmsKeyId :: Maybe Text
description :: Maybe Text
clientRequestToken :: Maybe Text
$sel:secretId:UpdateSecret' :: UpdateSecret -> Text
$sel:secretString:UpdateSecret' :: UpdateSecret -> Maybe (Sensitive Text)
$sel:secretBinary:UpdateSecret' :: UpdateSecret -> Maybe (Sensitive Base64)
$sel:kmsKeyId:UpdateSecret' :: UpdateSecret -> Maybe Text
$sel:description:UpdateSecret' :: UpdateSecret -> Maybe Text
$sel:clientRequestToken:UpdateSecret' :: UpdateSecret -> Maybe Text
..} =
    Int
_salt
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Maybe Text
clientRequestToken
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Maybe Text
description
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Maybe Text
kmsKeyId
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Maybe (Sensitive Base64)
secretBinary
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Maybe (Sensitive Text)
secretString
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Text
secretId

instance Prelude.NFData UpdateSecret where
  rnf :: UpdateSecret -> ()
rnf UpdateSecret' {Maybe Text
Maybe (Sensitive Text)
Maybe (Sensitive Base64)
Text
secretId :: Text
secretString :: Maybe (Sensitive Text)
secretBinary :: Maybe (Sensitive Base64)
kmsKeyId :: Maybe Text
description :: Maybe Text
clientRequestToken :: Maybe Text
$sel:secretId:UpdateSecret' :: UpdateSecret -> Text
$sel:secretString:UpdateSecret' :: UpdateSecret -> Maybe (Sensitive Text)
$sel:secretBinary:UpdateSecret' :: UpdateSecret -> Maybe (Sensitive Base64)
$sel:kmsKeyId:UpdateSecret' :: UpdateSecret -> Maybe Text
$sel:description:UpdateSecret' :: UpdateSecret -> Maybe Text
$sel:clientRequestToken:UpdateSecret' :: UpdateSecret -> Maybe Text
..} =
    forall a. NFData a => a -> ()
Prelude.rnf Maybe Text
clientRequestToken
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf Maybe Text
description
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf Maybe Text
kmsKeyId
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf Maybe (Sensitive Base64)
secretBinary
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf Maybe (Sensitive Text)
secretString
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf Text
secretId

instance Data.ToHeaders UpdateSecret where
  toHeaders :: UpdateSecret -> ResponseHeaders
toHeaders =
    forall a b. a -> b -> a
Prelude.const
      ( forall a. Monoid a => [a] -> a
Prelude.mconcat
          [ HeaderName
"X-Amz-Target"
              forall a. ToHeader a => HeaderName -> a -> ResponseHeaders
Data.=# ( ByteString
"secretsmanager.UpdateSecret" ::
                          Prelude.ByteString
                      ),
            HeaderName
"Content-Type"
              forall a. ToHeader a => HeaderName -> a -> ResponseHeaders
Data.=# ( ByteString
"application/x-amz-json-1.1" ::
                          Prelude.ByteString
                      )
          ]
      )

instance Data.ToJSON UpdateSecret where
  toJSON :: UpdateSecret -> Value
toJSON UpdateSecret' {Maybe Text
Maybe (Sensitive Text)
Maybe (Sensitive Base64)
Text
secretId :: Text
secretString :: Maybe (Sensitive Text)
secretBinary :: Maybe (Sensitive Base64)
kmsKeyId :: Maybe Text
description :: Maybe Text
clientRequestToken :: Maybe Text
$sel:secretId:UpdateSecret' :: UpdateSecret -> Text
$sel:secretString:UpdateSecret' :: UpdateSecret -> Maybe (Sensitive Text)
$sel:secretBinary:UpdateSecret' :: UpdateSecret -> Maybe (Sensitive Base64)
$sel:kmsKeyId:UpdateSecret' :: UpdateSecret -> Maybe Text
$sel:description:UpdateSecret' :: UpdateSecret -> Maybe Text
$sel:clientRequestToken:UpdateSecret' :: UpdateSecret -> Maybe Text
..} =
    [Pair] -> Value
Data.object
      ( forall a. [Maybe a] -> [a]
Prelude.catMaybes
          [ (Key
"ClientRequestToken" forall kv v. (KeyValue kv, ToJSON v) => Key -> v -> kv
Data..=)
              forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe Text
clientRequestToken,
            (Key
"Description" forall kv v. (KeyValue kv, ToJSON v) => Key -> v -> kv
Data..=) forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe Text
description,
            (Key
"KmsKeyId" forall kv v. (KeyValue kv, ToJSON v) => Key -> v -> kv
Data..=) forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe Text
kmsKeyId,
            (Key
"SecretBinary" forall kv v. (KeyValue kv, ToJSON v) => Key -> v -> kv
Data..=) forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe (Sensitive Base64)
secretBinary,
            (Key
"SecretString" forall kv v. (KeyValue kv, ToJSON v) => Key -> v -> kv
Data..=) forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe (Sensitive Text)
secretString,
            forall a. a -> Maybe a
Prelude.Just (Key
"SecretId" forall kv v. (KeyValue kv, ToJSON v) => Key -> v -> kv
Data..= Text
secretId)
          ]
      )

instance Data.ToPath UpdateSecret where
  toPath :: UpdateSecret -> ByteString
toPath = forall a b. a -> b -> a
Prelude.const ByteString
"/"

instance Data.ToQuery UpdateSecret where
  toQuery :: UpdateSecret -> QueryString
toQuery = forall a b. a -> b -> a
Prelude.const forall a. Monoid a => a
Prelude.mempty

-- | /See:/ 'newUpdateSecretResponse' smart constructor.
data UpdateSecretResponse = UpdateSecretResponse'
  { -- | The ARN of the secret that was updated.
    UpdateSecretResponse -> Maybe Text
arn :: Prelude.Maybe Prelude.Text,
    -- | The name of the secret that was updated.
    UpdateSecretResponse -> Maybe Text
name :: Prelude.Maybe Prelude.Text,
    -- | If Secrets Manager created a new version of the secret during this
    -- operation, then @VersionId@ contains the unique identifier of the new
    -- version.
    UpdateSecretResponse -> Maybe Text
versionId :: Prelude.Maybe Prelude.Text,
    -- | The response's http status code.
    UpdateSecretResponse -> Int
httpStatus :: Prelude.Int
  }
  deriving (UpdateSecretResponse -> UpdateSecretResponse -> Bool
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: UpdateSecretResponse -> UpdateSecretResponse -> Bool
$c/= :: UpdateSecretResponse -> UpdateSecretResponse -> Bool
== :: UpdateSecretResponse -> UpdateSecretResponse -> Bool
$c== :: UpdateSecretResponse -> UpdateSecretResponse -> Bool
Prelude.Eq, ReadPrec [UpdateSecretResponse]
ReadPrec UpdateSecretResponse
Int -> ReadS UpdateSecretResponse
ReadS [UpdateSecretResponse]
forall a.
(Int -> ReadS a)
-> ReadS [a] -> ReadPrec a -> ReadPrec [a] -> Read a
readListPrec :: ReadPrec [UpdateSecretResponse]
$creadListPrec :: ReadPrec [UpdateSecretResponse]
readPrec :: ReadPrec UpdateSecretResponse
$creadPrec :: ReadPrec UpdateSecretResponse
readList :: ReadS [UpdateSecretResponse]
$creadList :: ReadS [UpdateSecretResponse]
readsPrec :: Int -> ReadS UpdateSecretResponse
$creadsPrec :: Int -> ReadS UpdateSecretResponse
Prelude.Read, Int -> UpdateSecretResponse -> ShowS
[UpdateSecretResponse] -> ShowS
UpdateSecretResponse -> String
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [UpdateSecretResponse] -> ShowS
$cshowList :: [UpdateSecretResponse] -> ShowS
show :: UpdateSecretResponse -> String
$cshow :: UpdateSecretResponse -> String
showsPrec :: Int -> UpdateSecretResponse -> ShowS
$cshowsPrec :: Int -> UpdateSecretResponse -> ShowS
Prelude.Show, forall x. Rep UpdateSecretResponse x -> UpdateSecretResponse
forall x. UpdateSecretResponse -> Rep UpdateSecretResponse x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x. Rep UpdateSecretResponse x -> UpdateSecretResponse
$cfrom :: forall x. UpdateSecretResponse -> Rep UpdateSecretResponse x
Prelude.Generic)

-- |
-- Create a value of 'UpdateSecretResponse' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'arn', 'updateSecretResponse_arn' - The ARN of the secret that was updated.
--
-- 'name', 'updateSecretResponse_name' - The name of the secret that was updated.
--
-- 'versionId', 'updateSecretResponse_versionId' - If Secrets Manager created a new version of the secret during this
-- operation, then @VersionId@ contains the unique identifier of the new
-- version.
--
-- 'httpStatus', 'updateSecretResponse_httpStatus' - The response's http status code.
newUpdateSecretResponse ::
  -- | 'httpStatus'
  Prelude.Int ->
  UpdateSecretResponse
newUpdateSecretResponse :: Int -> UpdateSecretResponse
newUpdateSecretResponse Int
pHttpStatus_ =
  UpdateSecretResponse'
    { $sel:arn:UpdateSecretResponse' :: Maybe Text
arn = forall a. Maybe a
Prelude.Nothing,
      $sel:name:UpdateSecretResponse' :: Maybe Text
name = forall a. Maybe a
Prelude.Nothing,
      $sel:versionId:UpdateSecretResponse' :: Maybe Text
versionId = forall a. Maybe a
Prelude.Nothing,
      $sel:httpStatus:UpdateSecretResponse' :: Int
httpStatus = Int
pHttpStatus_
    }

-- | The ARN of the secret that was updated.
updateSecretResponse_arn :: Lens.Lens' UpdateSecretResponse (Prelude.Maybe Prelude.Text)
updateSecretResponse_arn :: Lens' UpdateSecretResponse (Maybe Text)
updateSecretResponse_arn = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\UpdateSecretResponse' {Maybe Text
arn :: Maybe Text
$sel:arn:UpdateSecretResponse' :: UpdateSecretResponse -> Maybe Text
arn} -> Maybe Text
arn) (\s :: UpdateSecretResponse
s@UpdateSecretResponse' {} Maybe Text
a -> UpdateSecretResponse
s {$sel:arn:UpdateSecretResponse' :: Maybe Text
arn = Maybe Text
a} :: UpdateSecretResponse)

-- | The name of the secret that was updated.
updateSecretResponse_name :: Lens.Lens' UpdateSecretResponse (Prelude.Maybe Prelude.Text)
updateSecretResponse_name :: Lens' UpdateSecretResponse (Maybe Text)
updateSecretResponse_name = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\UpdateSecretResponse' {Maybe Text
name :: Maybe Text
$sel:name:UpdateSecretResponse' :: UpdateSecretResponse -> Maybe Text
name} -> Maybe Text
name) (\s :: UpdateSecretResponse
s@UpdateSecretResponse' {} Maybe Text
a -> UpdateSecretResponse
s {$sel:name:UpdateSecretResponse' :: Maybe Text
name = Maybe Text
a} :: UpdateSecretResponse)

-- | If Secrets Manager created a new version of the secret during this
-- operation, then @VersionId@ contains the unique identifier of the new
-- version.
updateSecretResponse_versionId :: Lens.Lens' UpdateSecretResponse (Prelude.Maybe Prelude.Text)
updateSecretResponse_versionId :: Lens' UpdateSecretResponse (Maybe Text)
updateSecretResponse_versionId = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\UpdateSecretResponse' {Maybe Text
versionId :: Maybe Text
$sel:versionId:UpdateSecretResponse' :: UpdateSecretResponse -> Maybe Text
versionId} -> Maybe Text
versionId) (\s :: UpdateSecretResponse
s@UpdateSecretResponse' {} Maybe Text
a -> UpdateSecretResponse
s {$sel:versionId:UpdateSecretResponse' :: Maybe Text
versionId = Maybe Text
a} :: UpdateSecretResponse)

-- | The response's http status code.
updateSecretResponse_httpStatus :: Lens.Lens' UpdateSecretResponse Prelude.Int
updateSecretResponse_httpStatus :: Lens' UpdateSecretResponse Int
updateSecretResponse_httpStatus = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\UpdateSecretResponse' {Int
httpStatus :: Int
$sel:httpStatus:UpdateSecretResponse' :: UpdateSecretResponse -> Int
httpStatus} -> Int
httpStatus) (\s :: UpdateSecretResponse
s@UpdateSecretResponse' {} Int
a -> UpdateSecretResponse
s {$sel:httpStatus:UpdateSecretResponse' :: Int
httpStatus = Int
a} :: UpdateSecretResponse)

instance Prelude.NFData UpdateSecretResponse where
  rnf :: UpdateSecretResponse -> ()
rnf UpdateSecretResponse' {Int
Maybe Text
httpStatus :: Int
versionId :: Maybe Text
name :: Maybe Text
arn :: Maybe Text
$sel:httpStatus:UpdateSecretResponse' :: UpdateSecretResponse -> Int
$sel:versionId:UpdateSecretResponse' :: UpdateSecretResponse -> Maybe Text
$sel:name:UpdateSecretResponse' :: UpdateSecretResponse -> Maybe Text
$sel:arn:UpdateSecretResponse' :: UpdateSecretResponse -> Maybe Text
..} =
    forall a. NFData a => a -> ()
Prelude.rnf Maybe Text
arn
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf Maybe Text
name
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf Maybe Text
versionId
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf Int
httpStatus