{-# LANGUAGE DeriveDataTypeable #-}
{-# LANGUAGE DeriveGeneric      #-}
{-# LANGUAGE OverloadedStrings  #-}
{-# LANGUAGE RecordWildCards    #-}
{-# LANGUAGE TypeFamilies       #-}

{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Network.AWS.KMS.CreateKey
-- Copyright   : (c) 2013-2015 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
--
-- Creates a customer master key. Customer master keys can be used to
-- encrypt small amounts of data (less than 4K) directly, but they are most
-- commonly used to encrypt or envelope data keys that are then used to
-- encrypt customer data. For more information about data keys, see
-- GenerateDataKey and GenerateDataKeyWithoutPlaintext.
--
-- /See:/ <http://docs.aws.amazon.com/kms/latest/APIReference/API_CreateKey.html AWS API Reference> for CreateKey.
module Network.AWS.KMS.CreateKey
    (
    -- * Creating a Request
      createKey
    , CreateKey
    -- * Request Lenses
    , ckKeyUsage
    , ckPolicy
    , ckDescription

    -- * Destructuring the Response
    , createKeyResponse
    , CreateKeyResponse
    -- * Response Lenses
    , ckrsKeyMetadata
    , ckrsResponseStatus
    ) where

import           Network.AWS.KMS.Types
import           Network.AWS.KMS.Types.Product
import           Network.AWS.Prelude
import           Network.AWS.Request
import           Network.AWS.Response

-- | /See:/ 'createKey' smart constructor.
data CreateKey = CreateKey'
    { _ckKeyUsage    :: !(Maybe KeyUsageType)
    , _ckPolicy      :: !(Maybe Text)
    , _ckDescription :: !(Maybe Text)
    } deriving (Eq,Read,Show,Data,Typeable,Generic)

-- | Creates a value of 'CreateKey' with the minimum fields required to make a request.
--
-- Use one of the following lenses to modify other fields as desired:
--
-- * 'ckKeyUsage'
--
-- * 'ckPolicy'
--
-- * 'ckDescription'
createKey
    :: CreateKey
createKey =
    CreateKey'
    { _ckKeyUsage = Nothing
    , _ckPolicy = Nothing
    , _ckDescription = Nothing
    }

-- | Specifies the intended use of the key. Currently this defaults to
-- ENCRYPT\/DECRYPT, and only symmetric encryption and decryption are
-- supported.
ckKeyUsage :: Lens' CreateKey (Maybe KeyUsageType)
ckKeyUsage = lens _ckKeyUsage (\ s a -> s{_ckKeyUsage = a});

-- | Policy to be attached to the key. This is required and delegates back to
-- the account. The key is the root of trust.
ckPolicy :: Lens' CreateKey (Maybe Text)
ckPolicy = lens _ckPolicy (\ s a -> s{_ckPolicy = a});

-- | Description of the key. We recommend that you choose a description that
-- helps your customer decide whether the key is appropriate for a task.
ckDescription :: Lens' CreateKey (Maybe Text)
ckDescription = lens _ckDescription (\ s a -> s{_ckDescription = a});

instance AWSRequest CreateKey where
        type Rs CreateKey = CreateKeyResponse
        request = postJSON kMS
        response
          = receiveJSON
              (\ s h x ->
                 CreateKeyResponse' <$>
                   (x .?> "KeyMetadata") <*> (pure (fromEnum s)))

instance ToHeaders CreateKey where
        toHeaders
          = const
              (mconcat
                 ["X-Amz-Target" =#
                    ("TrentService.CreateKey" :: ByteString),
                  "Content-Type" =#
                    ("application/x-amz-json-1.1" :: ByteString)])

instance ToJSON CreateKey where
        toJSON CreateKey'{..}
          = object
              (catMaybes
                 [("KeyUsage" .=) <$> _ckKeyUsage,
                  ("Policy" .=) <$> _ckPolicy,
                  ("Description" .=) <$> _ckDescription])

instance ToPath CreateKey where
        toPath = const "/"

instance ToQuery CreateKey where
        toQuery = const mempty

-- | /See:/ 'createKeyResponse' smart constructor.
data CreateKeyResponse = CreateKeyResponse'
    { _ckrsKeyMetadata    :: !(Maybe KeyMetadata)
    , _ckrsResponseStatus :: !Int
    } deriving (Eq,Read,Show,Data,Typeable,Generic)

-- | Creates a value of 'CreateKeyResponse' with the minimum fields required to make a request.
--
-- Use one of the following lenses to modify other fields as desired:
--
-- * 'ckrsKeyMetadata'
--
-- * 'ckrsResponseStatus'
createKeyResponse
    :: Int -- ^ 'ckrsResponseStatus'
    -> CreateKeyResponse
createKeyResponse pResponseStatus_ =
    CreateKeyResponse'
    { _ckrsKeyMetadata = Nothing
    , _ckrsResponseStatus = pResponseStatus_
    }

-- | Metadata associated with the key.
ckrsKeyMetadata :: Lens' CreateKeyResponse (Maybe KeyMetadata)
ckrsKeyMetadata = lens _ckrsKeyMetadata (\ s a -> s{_ckrsKeyMetadata = a});

-- | The response status code.
ckrsResponseStatus :: Lens' CreateKeyResponse Int
ckrsResponseStatus = lens _ckrsResponseStatus (\ s a -> s{_ckrsResponseStatus = a});