{-# LANGUAGE DeriveDataTypeable #-} {-# LANGUAGE DeriveGeneric #-} {-# LANGUAGE OverloadedStrings #-} {-# LANGUAGE RecordWildCards #-} {-# OPTIONS_GHC -fno-warn-unused-imports #-} -- Derived from AWS service descriptions, licensed under Apache 2.0. -- | -- Module : Network.AWS.KMS.Types.Product -- Copyright : (c) 2013-2015 Brendan Hay -- License : Mozilla Public License, v. 2.0. -- Maintainer : Brendan Hay -- Stability : auto-generated -- Portability : non-portable (GHC extensions) -- module Network.AWS.KMS.Types.Product where import Network.AWS.KMS.Types.Sum import Network.AWS.Lens import Network.AWS.Prelude -- | Contains information about an alias. -- -- /See:/ 'aliasListEntry' smart constructor. data AliasListEntry = AliasListEntry' { _aleTargetKeyId :: !(Maybe Text) , _aleAliasName :: !(Maybe Text) , _aleAliasARN :: !(Maybe Text) } deriving (Eq,Read,Show,Data,Typeable,Generic) -- | Creates a value of 'AliasListEntry' with the minimum fields required to make a request. -- -- Use one of the following lenses to modify other fields as desired: -- -- * 'aleTargetKeyId' -- -- * 'aleAliasName' -- -- * 'aleAliasARN' aliasListEntry :: AliasListEntry aliasListEntry = AliasListEntry' { _aleTargetKeyId = Nothing , _aleAliasName = Nothing , _aleAliasARN = Nothing } -- | String that contains the key identifier pointed to by the alias. aleTargetKeyId :: Lens' AliasListEntry (Maybe Text) aleTargetKeyId = lens _aleTargetKeyId (\ s a -> s{_aleTargetKeyId = a}); -- | String that contains the alias. aleAliasName :: Lens' AliasListEntry (Maybe Text) aleAliasName = lens _aleAliasName (\ s a -> s{_aleAliasName = a}); -- | String that contains the key ARN. aleAliasARN :: Lens' AliasListEntry (Maybe Text) aleAliasARN = lens _aleAliasARN (\ s a -> s{_aleAliasARN = a}); instance FromJSON AliasListEntry where parseJSON = withObject "AliasListEntry" (\ x -> AliasListEntry' <$> (x .:? "TargetKeyId") <*> (x .:? "AliasName") <*> (x .:? "AliasArn")) -- | A structure for specifying the conditions under which the operations -- permitted by the grant are allowed. -- -- You can use this structure to allow the operations permitted by the -- grant only when a specified encryption context is present. For more -- information about encryption context, see -- -- in the /AWS Key Management Service Developer Guide/. -- -- /See:/ 'grantConstraints' smart constructor. data GrantConstraints = GrantConstraints' { _gcEncryptionContextEquals :: !(Maybe (Map Text Text)) , _gcEncryptionContextSubset :: !(Maybe (Map Text Text)) } deriving (Eq,Read,Show,Data,Typeable,Generic) -- | Creates a value of 'GrantConstraints' with the minimum fields required to make a request. -- -- Use one of the following lenses to modify other fields as desired: -- -- * 'gcEncryptionContextEquals' -- -- * 'gcEncryptionContextSubset' grantConstraints :: GrantConstraints grantConstraints = GrantConstraints' { _gcEncryptionContextEquals = Nothing , _gcEncryptionContextSubset = Nothing } -- | Contains a list of key-value pairs that must be present in the -- encryption context of a subsequent operation permitted by the grant. -- When a subsequent operation permitted by the grant includes an -- encryption context that matches this list, the grant allows the -- operation. Otherwise, the operation is not allowed. gcEncryptionContextEquals :: Lens' GrantConstraints (HashMap Text Text) gcEncryptionContextEquals = lens _gcEncryptionContextEquals (\ s a -> s{_gcEncryptionContextEquals = a}) . _Default . _Map; -- | Contains a list of key-value pairs, a subset of which must be present in -- the encryption context of a subsequent operation permitted by the grant. -- When a subsequent operation permitted by the grant includes an -- encryption context that matches this list or is a subset of this list, -- the grant allows the operation. Otherwise, the operation is not allowed. gcEncryptionContextSubset :: Lens' GrantConstraints (HashMap Text Text) gcEncryptionContextSubset = lens _gcEncryptionContextSubset (\ s a -> s{_gcEncryptionContextSubset = a}) . _Default . _Map; instance FromJSON GrantConstraints where parseJSON = withObject "GrantConstraints" (\ x -> GrantConstraints' <$> (x .:? "EncryptionContextEquals" .!= mempty) <*> (x .:? "EncryptionContextSubset" .!= mempty)) instance ToJSON GrantConstraints where toJSON GrantConstraints'{..} = object (catMaybes [("EncryptionContextEquals" .=) <$> _gcEncryptionContextEquals, ("EncryptionContextSubset" .=) <$> _gcEncryptionContextSubset]) -- | Contains information about an entry in a list of grants. -- -- /See:/ 'grantListEntry' smart constructor. data GrantListEntry = GrantListEntry' { _gleKeyId :: !(Maybe Text) , _gleRetiringPrincipal :: !(Maybe Text) , _gleIssuingAccount :: !(Maybe Text) , _gleGrantId :: !(Maybe Text) , _gleConstraints :: !(Maybe GrantConstraints) , _gleGranteePrincipal :: !(Maybe Text) , _gleName :: !(Maybe Text) , _gleCreationDate :: !(Maybe POSIX) , _gleOperations :: !(Maybe [GrantOperation]) } deriving (Eq,Read,Show,Data,Typeable,Generic) -- | Creates a value of 'GrantListEntry' with the minimum fields required to make a request. -- -- Use one of the following lenses to modify other fields as desired: -- -- * 'gleKeyId' -- -- * 'gleRetiringPrincipal' -- -- * 'gleIssuingAccount' -- -- * 'gleGrantId' -- -- * 'gleConstraints' -- -- * 'gleGranteePrincipal' -- -- * 'gleName' -- -- * 'gleCreationDate' -- -- * 'gleOperations' grantListEntry :: GrantListEntry grantListEntry = GrantListEntry' { _gleKeyId = Nothing , _gleRetiringPrincipal = Nothing , _gleIssuingAccount = Nothing , _gleGrantId = Nothing , _gleConstraints = Nothing , _gleGranteePrincipal = Nothing , _gleName = Nothing , _gleCreationDate = Nothing , _gleOperations = Nothing } -- | The unique identifier for the customer master key (CMK) to which the -- grant applies. gleKeyId :: Lens' GrantListEntry (Maybe Text) gleKeyId = lens _gleKeyId (\ s a -> s{_gleKeyId = a}); -- | The principal that can retire the grant. gleRetiringPrincipal :: Lens' GrantListEntry (Maybe Text) gleRetiringPrincipal = lens _gleRetiringPrincipal (\ s a -> s{_gleRetiringPrincipal = a}); -- | The AWS account under which the grant was issued. gleIssuingAccount :: Lens' GrantListEntry (Maybe Text) gleIssuingAccount = lens _gleIssuingAccount (\ s a -> s{_gleIssuingAccount = a}); -- | The unique identifier for the grant. gleGrantId :: Lens' GrantListEntry (Maybe Text) gleGrantId = lens _gleGrantId (\ s a -> s{_gleGrantId = a}); -- | The conditions under which the grant\'s operations are allowed. gleConstraints :: Lens' GrantListEntry (Maybe GrantConstraints) gleConstraints = lens _gleConstraints (\ s a -> s{_gleConstraints = a}); -- | The principal that receives the grant\'s permissions. gleGranteePrincipal :: Lens' GrantListEntry (Maybe Text) gleGranteePrincipal = lens _gleGranteePrincipal (\ s a -> s{_gleGranteePrincipal = a}); -- | The friendly name that identifies the grant. If a name was provided in -- the CreateGrant request, that name is returned. Otherwise this value is -- null. gleName :: Lens' GrantListEntry (Maybe Text) gleName = lens _gleName (\ s a -> s{_gleName = a}); -- | The date and time when the grant was created. gleCreationDate :: Lens' GrantListEntry (Maybe UTCTime) gleCreationDate = lens _gleCreationDate (\ s a -> s{_gleCreationDate = a}) . mapping _Time; -- | The list of operations permitted by the grant. gleOperations :: Lens' GrantListEntry [GrantOperation] gleOperations = lens _gleOperations (\ s a -> s{_gleOperations = a}) . _Default . _Coerce; instance FromJSON GrantListEntry where parseJSON = withObject "GrantListEntry" (\ x -> GrantListEntry' <$> (x .:? "KeyId") <*> (x .:? "RetiringPrincipal") <*> (x .:? "IssuingAccount") <*> (x .:? "GrantId") <*> (x .:? "Constraints") <*> (x .:? "GranteePrincipal") <*> (x .:? "Name") <*> (x .:? "CreationDate") <*> (x .:? "Operations" .!= mempty)) -- | Contains information about each entry in the key list. -- -- /See:/ 'keyListEntry' smart constructor. data KeyListEntry = KeyListEntry' { _kleKeyId :: !(Maybe Text) , _kleKeyARN :: !(Maybe Text) } deriving (Eq,Read,Show,Data,Typeable,Generic) -- | Creates a value of 'KeyListEntry' with the minimum fields required to make a request. -- -- Use one of the following lenses to modify other fields as desired: -- -- * 'kleKeyId' -- -- * 'kleKeyARN' keyListEntry :: KeyListEntry keyListEntry = KeyListEntry' { _kleKeyId = Nothing , _kleKeyARN = Nothing } -- | Unique identifier of the key. kleKeyId :: Lens' KeyListEntry (Maybe Text) kleKeyId = lens _kleKeyId (\ s a -> s{_kleKeyId = a}); -- | ARN of the key. kleKeyARN :: Lens' KeyListEntry (Maybe Text) kleKeyARN = lens _kleKeyARN (\ s a -> s{_kleKeyARN = a}); instance FromJSON KeyListEntry where parseJSON = withObject "KeyListEntry" (\ x -> KeyListEntry' <$> (x .:? "KeyId") <*> (x .:? "KeyArn")) -- | Contains metadata about a customer master key (CMK). -- -- This data type is used as a response element for the CreateKey and -- DescribeKey operations. -- -- /See:/ 'keyMetadata' smart constructor. data KeyMetadata = KeyMetadata' { _kmEnabled :: !(Maybe Bool) , _kmARN :: !(Maybe Text) , _kmKeyState :: !(Maybe KeyState) , _kmAWSAccountId :: !(Maybe Text) , _kmKeyUsage :: !(Maybe KeyUsageType) , _kmCreationDate :: !(Maybe POSIX) , _kmDeletionDate :: !(Maybe POSIX) , _kmDescription :: !(Maybe Text) , _kmKeyId :: !Text } deriving (Eq,Read,Show,Data,Typeable,Generic) -- | Creates a value of 'KeyMetadata' with the minimum fields required to make a request. -- -- Use one of the following lenses to modify other fields as desired: -- -- * 'kmEnabled' -- -- * 'kmARN' -- -- * 'kmKeyState' -- -- * 'kmAWSAccountId' -- -- * 'kmKeyUsage' -- -- * 'kmCreationDate' -- -- * 'kmDeletionDate' -- -- * 'kmDescription' -- -- * 'kmKeyId' keyMetadata :: Text -- ^ 'kmKeyId' -> KeyMetadata keyMetadata pKeyId_ = KeyMetadata' { _kmEnabled = Nothing , _kmARN = Nothing , _kmKeyState = Nothing , _kmAWSAccountId = Nothing , _kmKeyUsage = Nothing , _kmCreationDate = Nothing , _kmDeletionDate = Nothing , _kmDescription = Nothing , _kmKeyId = pKeyId_ } -- | Specifies whether the key is enabled. When 'KeyState' is 'Enabled' this -- value is true, otherwise it is false. kmEnabled :: Lens' KeyMetadata (Maybe Bool) kmEnabled = lens _kmEnabled (\ s a -> s{_kmEnabled = a}); -- | The Amazon Resource Name (ARN) of the key. For examples, see -- -- in the Example ARNs section of the /AWS General Reference/. kmARN :: Lens' KeyMetadata (Maybe Text) kmARN = lens _kmARN (\ s a -> s{_kmARN = a}); -- | The state of the customer master key (CMK). -- -- For more information about how key state affects the use of a CMK, go to -- -- in the /AWS Key Management Service Developer Guide/. kmKeyState :: Lens' KeyMetadata (Maybe KeyState) kmKeyState = lens _kmKeyState (\ s a -> s{_kmKeyState = a}); -- | The twelve-digit account ID of the AWS account that owns the key. kmAWSAccountId :: Lens' KeyMetadata (Maybe Text) kmAWSAccountId = lens _kmAWSAccountId (\ s a -> s{_kmAWSAccountId = a}); -- | The cryptographic operations for which you can use the key. Currently -- the only allowed value is 'ENCRYPT_DECRYPT', which means you can use the -- key for the Encrypt and Decrypt operations. kmKeyUsage :: Lens' KeyMetadata (Maybe KeyUsageType) kmKeyUsage = lens _kmKeyUsage (\ s a -> s{_kmKeyUsage = a}); -- | The date and time when the key was created. kmCreationDate :: Lens' KeyMetadata (Maybe UTCTime) kmCreationDate = lens _kmCreationDate (\ s a -> s{_kmCreationDate = a}) . mapping _Time; -- | The date and time after which AWS KMS deletes the customer master key -- (CMK). This value is present only when 'KeyState' is 'PendingDeletion', -- otherwise this value is null. kmDeletionDate :: Lens' KeyMetadata (Maybe UTCTime) kmDeletionDate = lens _kmDeletionDate (\ s a -> s{_kmDeletionDate = a}) . mapping _Time; -- | The friendly description of the key. kmDescription :: Lens' KeyMetadata (Maybe Text) kmDescription = lens _kmDescription (\ s a -> s{_kmDescription = a}); -- | The globally unique identifier for the key. kmKeyId :: Lens' KeyMetadata Text kmKeyId = lens _kmKeyId (\ s a -> s{_kmKeyId = a}); instance FromJSON KeyMetadata where parseJSON = withObject "KeyMetadata" (\ x -> KeyMetadata' <$> (x .:? "Enabled") <*> (x .:? "Arn") <*> (x .:? "KeyState") <*> (x .:? "AWSAccountId") <*> (x .:? "KeyUsage") <*> (x .:? "CreationDate") <*> (x .:? "DeletionDate") <*> (x .:? "Description") <*> (x .: "KeyId")) -- | /See:/ 'listGrantsResponse' smart constructor. data ListGrantsResponse = ListGrantsResponse' { _lgTruncated :: !(Maybe Bool) , _lgGrants :: !(Maybe [GrantListEntry]) , _lgNextMarker :: !(Maybe Text) } deriving (Eq,Read,Show,Data,Typeable,Generic) -- | Creates a value of 'ListGrantsResponse' with the minimum fields required to make a request. -- -- Use one of the following lenses to modify other fields as desired: -- -- * 'lgTruncated' -- -- * 'lgGrants' -- -- * 'lgNextMarker' listGrantsResponse :: ListGrantsResponse listGrantsResponse = ListGrantsResponse' { _lgTruncated = Nothing , _lgGrants = Nothing , _lgNextMarker = Nothing } -- | A flag that indicates whether there are more items in the list. If your -- results were truncated, you can use the 'Marker' parameter to make a -- subsequent pagination request to retrieve more items in the list. lgTruncated :: Lens' ListGrantsResponse (Maybe Bool) lgTruncated = lens _lgTruncated (\ s a -> s{_lgTruncated = a}); -- | A list of grants. lgGrants :: Lens' ListGrantsResponse [GrantListEntry] lgGrants = lens _lgGrants (\ s a -> s{_lgGrants = a}) . _Default . _Coerce; -- | When 'Truncated' is true, this value is present and contains the value -- to use for the 'Marker' parameter in a subsequent pagination request. lgNextMarker :: Lens' ListGrantsResponse (Maybe Text) lgNextMarker = lens _lgNextMarker (\ s a -> s{_lgNextMarker = a}); instance FromJSON ListGrantsResponse where parseJSON = withObject "ListGrantsResponse" (\ x -> ListGrantsResponse' <$> (x .:? "Truncated") <*> (x .:? "Grants" .!= mempty) <*> (x .:? "NextMarker"))