{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE TypeFamilies #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-binds #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.KMS.GetKeyRotationStatus
-- Copyright   : (c) 2013-2023 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
--
-- Gets a Boolean value that indicates whether
-- <https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html automatic rotation of the key material>
-- is enabled for the specified KMS key.
--
-- When you enable automatic rotation for
-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk customer managed KMS keys>,
-- KMS rotates the key material of the KMS key one year (approximately 365
-- days) from the enable date and every year thereafter. You can monitor
-- rotation of the key material for your KMS keys in CloudTrail and Amazon
-- CloudWatch.
--
-- Automatic key rotation is supported only on
-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#symmetric-cmks symmetric encryption KMS keys>.
-- You cannot enable automatic rotation of
-- <https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html asymmetric KMS keys>,
-- <https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html HMAC KMS keys>,
-- KMS keys with
-- <https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html imported key material>,
-- or KMS keys in a
-- <https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html custom key store>.
-- To enable or disable automatic rotation of a set of related
-- <https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate multi-Region keys>,
-- set the property on the primary key..
--
-- You can enable (EnableKeyRotation) and disable automatic rotation
-- (DisableKeyRotation) of the key material in customer managed KMS keys.
-- Key material rotation of
-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk Amazon Web Services managed KMS keys>
-- is not configurable. KMS always rotates the key material in Amazon Web
-- Services managed KMS keys every year. The key rotation status for Amazon
-- Web Services managed KMS keys is always @true@.
--
-- In May 2022, KMS changed the rotation schedule for Amazon Web Services
-- managed keys from every three years to every year. For details, see
-- EnableKeyRotation.
--
-- The KMS key that you use for this operation must be in a compatible key
-- state. For details, see
-- <https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html Key states of KMS keys>
-- in the /Key Management Service Developer Guide/.
--
-- -   Disabled: The key rotation status does not change when you disable a
--     KMS key. However, while the KMS key is disabled, KMS does not rotate
--     the key material. When you re-enable the KMS key, rotation resumes.
--     If the key material in the re-enabled KMS key hasn\'t been rotated
--     in one year, KMS rotates it immediately, and every year thereafter.
--     If it\'s been less than a year since the key material in the
--     re-enabled KMS key was rotated, the KMS key resumes its prior
--     rotation schedule.
--
-- -   Pending deletion: While a KMS key is pending deletion, its key
--     rotation status is @false@ and KMS does not rotate the key material.
--     If you cancel the deletion, the original key rotation status returns
--     to @true@.
--
-- __Cross-account use__: Yes. To perform this operation on a KMS key in a
-- different Amazon Web Services account, specify the key ARN in the value
-- of the @KeyId@ parameter.
--
-- __Required permissions__:
-- <https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html kms:GetKeyRotationStatus>
-- (key policy)
--
-- __Related operations:__
--
-- -   DisableKeyRotation
--
-- -   EnableKeyRotation
module Amazonka.KMS.GetKeyRotationStatus
  ( -- * Creating a Request
    GetKeyRotationStatus (..),
    newGetKeyRotationStatus,

    -- * Request Lenses
    getKeyRotationStatus_keyId,

    -- * Destructuring the Response
    GetKeyRotationStatusResponse (..),
    newGetKeyRotationStatusResponse,

    -- * Response Lenses
    getKeyRotationStatusResponse_keyRotationEnabled,
    getKeyRotationStatusResponse_httpStatus,
  )
where

import qualified Amazonka.Core as Core
import qualified Amazonka.Core.Lens.Internal as Lens
import qualified Amazonka.Data as Data
import Amazonka.KMS.Types
import qualified Amazonka.Prelude as Prelude
import qualified Amazonka.Request as Request
import qualified Amazonka.Response as Response

-- | /See:/ 'newGetKeyRotationStatus' smart constructor.
data GetKeyRotationStatus = GetKeyRotationStatus'
  { -- | Gets the rotation status for the specified KMS key.
    --
    -- Specify the key ID or key ARN of the KMS key. To specify a KMS key in a
    -- different Amazon Web Services account, you must use the key ARN.
    --
    -- For example:
    --
    -- -   Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@
    --
    -- -   Key ARN:
    --     @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@
    --
    -- To get the key ID and key ARN for a KMS key, use ListKeys or
    -- DescribeKey.
    GetKeyRotationStatus -> Text
keyId :: Prelude.Text
  }
  deriving (GetKeyRotationStatus -> GetKeyRotationStatus -> Bool
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: GetKeyRotationStatus -> GetKeyRotationStatus -> Bool
$c/= :: GetKeyRotationStatus -> GetKeyRotationStatus -> Bool
== :: GetKeyRotationStatus -> GetKeyRotationStatus -> Bool
$c== :: GetKeyRotationStatus -> GetKeyRotationStatus -> Bool
Prelude.Eq, ReadPrec [GetKeyRotationStatus]
ReadPrec GetKeyRotationStatus
Int -> ReadS GetKeyRotationStatus
ReadS [GetKeyRotationStatus]
forall a.
(Int -> ReadS a)
-> ReadS [a] -> ReadPrec a -> ReadPrec [a] -> Read a
readListPrec :: ReadPrec [GetKeyRotationStatus]
$creadListPrec :: ReadPrec [GetKeyRotationStatus]
readPrec :: ReadPrec GetKeyRotationStatus
$creadPrec :: ReadPrec GetKeyRotationStatus
readList :: ReadS [GetKeyRotationStatus]
$creadList :: ReadS [GetKeyRotationStatus]
readsPrec :: Int -> ReadS GetKeyRotationStatus
$creadsPrec :: Int -> ReadS GetKeyRotationStatus
Prelude.Read, Int -> GetKeyRotationStatus -> ShowS
[GetKeyRotationStatus] -> ShowS
GetKeyRotationStatus -> String
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [GetKeyRotationStatus] -> ShowS
$cshowList :: [GetKeyRotationStatus] -> ShowS
show :: GetKeyRotationStatus -> String
$cshow :: GetKeyRotationStatus -> String
showsPrec :: Int -> GetKeyRotationStatus -> ShowS
$cshowsPrec :: Int -> GetKeyRotationStatus -> ShowS
Prelude.Show, forall x. Rep GetKeyRotationStatus x -> GetKeyRotationStatus
forall x. GetKeyRotationStatus -> Rep GetKeyRotationStatus x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x. Rep GetKeyRotationStatus x -> GetKeyRotationStatus
$cfrom :: forall x. GetKeyRotationStatus -> Rep GetKeyRotationStatus x
Prelude.Generic)

-- |
-- Create a value of 'GetKeyRotationStatus' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'keyId', 'getKeyRotationStatus_keyId' - Gets the rotation status for the specified KMS key.
--
-- Specify the key ID or key ARN of the KMS key. To specify a KMS key in a
-- different Amazon Web Services account, you must use the key ARN.
--
-- For example:
--
-- -   Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@
--
-- -   Key ARN:
--     @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@
--
-- To get the key ID and key ARN for a KMS key, use ListKeys or
-- DescribeKey.
newGetKeyRotationStatus ::
  -- | 'keyId'
  Prelude.Text ->
  GetKeyRotationStatus
newGetKeyRotationStatus :: Text -> GetKeyRotationStatus
newGetKeyRotationStatus Text
pKeyId_ =
  GetKeyRotationStatus' {$sel:keyId:GetKeyRotationStatus' :: Text
keyId = Text
pKeyId_}

-- | Gets the rotation status for the specified KMS key.
--
-- Specify the key ID or key ARN of the KMS key. To specify a KMS key in a
-- different Amazon Web Services account, you must use the key ARN.
--
-- For example:
--
-- -   Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@
--
-- -   Key ARN:
--     @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@
--
-- To get the key ID and key ARN for a KMS key, use ListKeys or
-- DescribeKey.
getKeyRotationStatus_keyId :: Lens.Lens' GetKeyRotationStatus Prelude.Text
getKeyRotationStatus_keyId :: Lens' GetKeyRotationStatus Text
getKeyRotationStatus_keyId = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\GetKeyRotationStatus' {Text
keyId :: Text
$sel:keyId:GetKeyRotationStatus' :: GetKeyRotationStatus -> Text
keyId} -> Text
keyId) (\s :: GetKeyRotationStatus
s@GetKeyRotationStatus' {} Text
a -> GetKeyRotationStatus
s {$sel:keyId:GetKeyRotationStatus' :: Text
keyId = Text
a} :: GetKeyRotationStatus)

instance Core.AWSRequest GetKeyRotationStatus where
  type
    AWSResponse GetKeyRotationStatus =
      GetKeyRotationStatusResponse
  request :: (Service -> Service)
-> GetKeyRotationStatus -> Request GetKeyRotationStatus
request Service -> Service
overrides =
    forall a. (ToRequest a, ToJSON a) => Service -> a -> Request a
Request.postJSON (Service -> Service
overrides Service
defaultService)
  response :: forall (m :: * -> *).
MonadResource m =>
(ByteStringLazy -> IO ByteStringLazy)
-> Service
-> Proxy GetKeyRotationStatus
-> ClientResponse ClientBody
-> m (Either
        Error (ClientResponse (AWSResponse GetKeyRotationStatus)))
response =
    forall (m :: * -> *) a.
MonadResource m =>
(Int -> ResponseHeaders -> Object -> Either String (AWSResponse a))
-> (ByteStringLazy -> IO ByteStringLazy)
-> Service
-> Proxy a
-> ClientResponse ClientBody
-> m (Either Error (ClientResponse (AWSResponse a)))
Response.receiveJSON
      ( \Int
s ResponseHeaders
h Object
x ->
          Maybe Bool -> Int -> GetKeyRotationStatusResponse
GetKeyRotationStatusResponse'
            forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> (Object
x forall a. FromJSON a => Object -> Key -> Either String (Maybe a)
Data..?> Key
"KeyRotationEnabled")
            forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (forall (f :: * -> *) a. Applicative f => a -> f a
Prelude.pure (forall a. Enum a => a -> Int
Prelude.fromEnum Int
s))
      )

instance Prelude.Hashable GetKeyRotationStatus where
  hashWithSalt :: Int -> GetKeyRotationStatus -> Int
hashWithSalt Int
_salt GetKeyRotationStatus' {Text
keyId :: Text
$sel:keyId:GetKeyRotationStatus' :: GetKeyRotationStatus -> Text
..} =
    Int
_salt forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Text
keyId

instance Prelude.NFData GetKeyRotationStatus where
  rnf :: GetKeyRotationStatus -> ()
rnf GetKeyRotationStatus' {Text
keyId :: Text
$sel:keyId:GetKeyRotationStatus' :: GetKeyRotationStatus -> Text
..} = forall a. NFData a => a -> ()
Prelude.rnf Text
keyId

instance Data.ToHeaders GetKeyRotationStatus where
  toHeaders :: GetKeyRotationStatus -> ResponseHeaders
toHeaders =
    forall a b. a -> b -> a
Prelude.const
      ( forall a. Monoid a => [a] -> a
Prelude.mconcat
          [ HeaderName
"X-Amz-Target"
              forall a. ToHeader a => HeaderName -> a -> ResponseHeaders
Data.=# ( ByteString
"TrentService.GetKeyRotationStatus" ::
                          Prelude.ByteString
                      ),
            HeaderName
"Content-Type"
              forall a. ToHeader a => HeaderName -> a -> ResponseHeaders
Data.=# ( ByteString
"application/x-amz-json-1.1" ::
                          Prelude.ByteString
                      )
          ]
      )

instance Data.ToJSON GetKeyRotationStatus where
  toJSON :: GetKeyRotationStatus -> Value
toJSON GetKeyRotationStatus' {Text
keyId :: Text
$sel:keyId:GetKeyRotationStatus' :: GetKeyRotationStatus -> Text
..} =
    [Pair] -> Value
Data.object
      ( forall a. [Maybe a] -> [a]
Prelude.catMaybes
          [forall a. a -> Maybe a
Prelude.Just (Key
"KeyId" forall kv v. (KeyValue kv, ToJSON v) => Key -> v -> kv
Data..= Text
keyId)]
      )

instance Data.ToPath GetKeyRotationStatus where
  toPath :: GetKeyRotationStatus -> ByteString
toPath = forall a b. a -> b -> a
Prelude.const ByteString
"/"

instance Data.ToQuery GetKeyRotationStatus where
  toQuery :: GetKeyRotationStatus -> QueryString
toQuery = forall a b. a -> b -> a
Prelude.const forall a. Monoid a => a
Prelude.mempty

-- | /See:/ 'newGetKeyRotationStatusResponse' smart constructor.
data GetKeyRotationStatusResponse = GetKeyRotationStatusResponse'
  { -- | A Boolean value that specifies whether key rotation is enabled.
    GetKeyRotationStatusResponse -> Maybe Bool
keyRotationEnabled :: Prelude.Maybe Prelude.Bool,
    -- | The response's http status code.
    GetKeyRotationStatusResponse -> Int
httpStatus :: Prelude.Int
  }
  deriving (GetKeyRotationStatusResponse
-> GetKeyRotationStatusResponse -> Bool
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: GetKeyRotationStatusResponse
-> GetKeyRotationStatusResponse -> Bool
$c/= :: GetKeyRotationStatusResponse
-> GetKeyRotationStatusResponse -> Bool
== :: GetKeyRotationStatusResponse
-> GetKeyRotationStatusResponse -> Bool
$c== :: GetKeyRotationStatusResponse
-> GetKeyRotationStatusResponse -> Bool
Prelude.Eq, ReadPrec [GetKeyRotationStatusResponse]
ReadPrec GetKeyRotationStatusResponse
Int -> ReadS GetKeyRotationStatusResponse
ReadS [GetKeyRotationStatusResponse]
forall a.
(Int -> ReadS a)
-> ReadS [a] -> ReadPrec a -> ReadPrec [a] -> Read a
readListPrec :: ReadPrec [GetKeyRotationStatusResponse]
$creadListPrec :: ReadPrec [GetKeyRotationStatusResponse]
readPrec :: ReadPrec GetKeyRotationStatusResponse
$creadPrec :: ReadPrec GetKeyRotationStatusResponse
readList :: ReadS [GetKeyRotationStatusResponse]
$creadList :: ReadS [GetKeyRotationStatusResponse]
readsPrec :: Int -> ReadS GetKeyRotationStatusResponse
$creadsPrec :: Int -> ReadS GetKeyRotationStatusResponse
Prelude.Read, Int -> GetKeyRotationStatusResponse -> ShowS
[GetKeyRotationStatusResponse] -> ShowS
GetKeyRotationStatusResponse -> String
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [GetKeyRotationStatusResponse] -> ShowS
$cshowList :: [GetKeyRotationStatusResponse] -> ShowS
show :: GetKeyRotationStatusResponse -> String
$cshow :: GetKeyRotationStatusResponse -> String
showsPrec :: Int -> GetKeyRotationStatusResponse -> ShowS
$cshowsPrec :: Int -> GetKeyRotationStatusResponse -> ShowS
Prelude.Show, forall x.
Rep GetKeyRotationStatusResponse x -> GetKeyRotationStatusResponse
forall x.
GetKeyRotationStatusResponse -> Rep GetKeyRotationStatusResponse x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x.
Rep GetKeyRotationStatusResponse x -> GetKeyRotationStatusResponse
$cfrom :: forall x.
GetKeyRotationStatusResponse -> Rep GetKeyRotationStatusResponse x
Prelude.Generic)

-- |
-- Create a value of 'GetKeyRotationStatusResponse' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'keyRotationEnabled', 'getKeyRotationStatusResponse_keyRotationEnabled' - A Boolean value that specifies whether key rotation is enabled.
--
-- 'httpStatus', 'getKeyRotationStatusResponse_httpStatus' - The response's http status code.
newGetKeyRotationStatusResponse ::
  -- | 'httpStatus'
  Prelude.Int ->
  GetKeyRotationStatusResponse
newGetKeyRotationStatusResponse :: Int -> GetKeyRotationStatusResponse
newGetKeyRotationStatusResponse Int
pHttpStatus_ =
  GetKeyRotationStatusResponse'
    { $sel:keyRotationEnabled:GetKeyRotationStatusResponse' :: Maybe Bool
keyRotationEnabled =
        forall a. Maybe a
Prelude.Nothing,
      $sel:httpStatus:GetKeyRotationStatusResponse' :: Int
httpStatus = Int
pHttpStatus_
    }

-- | A Boolean value that specifies whether key rotation is enabled.
getKeyRotationStatusResponse_keyRotationEnabled :: Lens.Lens' GetKeyRotationStatusResponse (Prelude.Maybe Prelude.Bool)
getKeyRotationStatusResponse_keyRotationEnabled :: Lens' GetKeyRotationStatusResponse (Maybe Bool)
getKeyRotationStatusResponse_keyRotationEnabled = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\GetKeyRotationStatusResponse' {Maybe Bool
keyRotationEnabled :: Maybe Bool
$sel:keyRotationEnabled:GetKeyRotationStatusResponse' :: GetKeyRotationStatusResponse -> Maybe Bool
keyRotationEnabled} -> Maybe Bool
keyRotationEnabled) (\s :: GetKeyRotationStatusResponse
s@GetKeyRotationStatusResponse' {} Maybe Bool
a -> GetKeyRotationStatusResponse
s {$sel:keyRotationEnabled:GetKeyRotationStatusResponse' :: Maybe Bool
keyRotationEnabled = Maybe Bool
a} :: GetKeyRotationStatusResponse)

-- | The response's http status code.
getKeyRotationStatusResponse_httpStatus :: Lens.Lens' GetKeyRotationStatusResponse Prelude.Int
getKeyRotationStatusResponse_httpStatus :: Lens' GetKeyRotationStatusResponse Int
getKeyRotationStatusResponse_httpStatus = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\GetKeyRotationStatusResponse' {Int
httpStatus :: Int
$sel:httpStatus:GetKeyRotationStatusResponse' :: GetKeyRotationStatusResponse -> Int
httpStatus} -> Int
httpStatus) (\s :: GetKeyRotationStatusResponse
s@GetKeyRotationStatusResponse' {} Int
a -> GetKeyRotationStatusResponse
s {$sel:httpStatus:GetKeyRotationStatusResponse' :: Int
httpStatus = Int
a} :: GetKeyRotationStatusResponse)

instance Prelude.NFData GetKeyRotationStatusResponse where
  rnf :: GetKeyRotationStatusResponse -> ()
rnf GetKeyRotationStatusResponse' {Int
Maybe Bool
httpStatus :: Int
keyRotationEnabled :: Maybe Bool
$sel:httpStatus:GetKeyRotationStatusResponse' :: GetKeyRotationStatusResponse -> Int
$sel:keyRotationEnabled:GetKeyRotationStatusResponse' :: GetKeyRotationStatusResponse -> Maybe Bool
..} =
    forall a. NFData a => a -> ()
Prelude.rnf Maybe Bool
keyRotationEnabled
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf Int
httpStatus