{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE TypeFamilies #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-binds #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.KMS.ListRetirableGrants
-- Copyright   : (c) 2013-2023 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
--
-- Returns information about all grants in the Amazon Web Services account
-- and Region that have the specified retiring principal.
--
-- You can specify any principal in your Amazon Web Services account. The
-- grants that are returned include grants for KMS keys in your Amazon Web
-- Services account and other Amazon Web Services accounts. You might use
-- this operation to determine which grants you may retire. To retire a
-- grant, use the RetireGrant operation.
--
-- For detailed information about grants, including grant terminology, see
-- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html Grants in KMS>
-- in the //Key Management Service Developer Guide// . For examples of
-- working with grants in several programming languages, see
-- <https://docs.aws.amazon.com/kms/latest/developerguide/programming-grants.html Programming grants>.
--
-- __Cross-account use__: You must specify a principal in your Amazon Web
-- Services account. However, this operation can return grants in any
-- Amazon Web Services account. You do not need @kms:ListRetirableGrants@
-- permission (or any other additional permission) in any Amazon Web
-- Services account other than your own.
--
-- __Required permissions__:
-- <https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html kms:ListRetirableGrants>
-- (IAM policy) in your Amazon Web Services account.
--
-- __Related operations:__
--
-- -   CreateGrant
--
-- -   ListGrants
--
-- -   RetireGrant
--
-- -   RevokeGrant
--
-- This operation returns paginated results.
module Amazonka.KMS.ListRetirableGrants
  ( -- * Creating a Request
    ListRetirableGrants (..),
    newListRetirableGrants,

    -- * Request Lenses
    listRetirableGrants_limit,
    listRetirableGrants_marker,
    listRetirableGrants_retiringPrincipal,

    -- * Destructuring the Response
    ListGrantsResponse (..),
    newListGrantsResponse,

    -- * Response Lenses
    listGrantsResponse_grants,
    listGrantsResponse_nextMarker,
    listGrantsResponse_truncated,
  )
where

import qualified Amazonka.Core as Core
import qualified Amazonka.Core.Lens.Internal as Lens
import qualified Amazonka.Data as Data
import Amazonka.KMS.Types
import qualified Amazonka.Prelude as Prelude
import qualified Amazonka.Request as Request
import qualified Amazonka.Response as Response

-- | /See:/ 'newListRetirableGrants' smart constructor.
data ListRetirableGrants = ListRetirableGrants'
  { -- | Use this parameter to specify the maximum number of items to return.
    -- When this value is present, KMS does not return more than the specified
    -- number of items, but it might return fewer.
    --
    -- This value is optional. If you include a value, it must be between 1 and
    -- 100, inclusive. If you do not include a value, it defaults to 50.
    ListRetirableGrants -> Maybe Natural
limit :: Prelude.Maybe Prelude.Natural,
    -- | Use this parameter in a subsequent request after you receive a response
    -- with truncated results. Set it to the value of @NextMarker@ from the
    -- truncated response you just received.
    ListRetirableGrants -> Maybe Text
marker :: Prelude.Maybe Prelude.Text,
    -- | The retiring principal for which to list grants. Enter a principal in
    -- your Amazon Web Services account.
    --
    -- To specify the retiring principal, use the
    -- <https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Name (ARN)>
    -- of an Amazon Web Services principal. Valid Amazon Web Services
    -- principals include Amazon Web Services accounts (root), IAM users,
    -- federated users, and assumed role users. For examples of the ARN syntax
    -- for specifying a principal, see
    -- <https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-iam Amazon Web Services Identity and Access Management (IAM)>
    -- in the Example ARNs section of the /Amazon Web Services General
    -- Reference/.
    ListRetirableGrants -> Text
retiringPrincipal :: Prelude.Text
  }
  deriving (ListRetirableGrants -> ListRetirableGrants -> Bool
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: ListRetirableGrants -> ListRetirableGrants -> Bool
$c/= :: ListRetirableGrants -> ListRetirableGrants -> Bool
== :: ListRetirableGrants -> ListRetirableGrants -> Bool
$c== :: ListRetirableGrants -> ListRetirableGrants -> Bool
Prelude.Eq, ReadPrec [ListRetirableGrants]
ReadPrec ListRetirableGrants
Int -> ReadS ListRetirableGrants
ReadS [ListRetirableGrants]
forall a.
(Int -> ReadS a)
-> ReadS [a] -> ReadPrec a -> ReadPrec [a] -> Read a
readListPrec :: ReadPrec [ListRetirableGrants]
$creadListPrec :: ReadPrec [ListRetirableGrants]
readPrec :: ReadPrec ListRetirableGrants
$creadPrec :: ReadPrec ListRetirableGrants
readList :: ReadS [ListRetirableGrants]
$creadList :: ReadS [ListRetirableGrants]
readsPrec :: Int -> ReadS ListRetirableGrants
$creadsPrec :: Int -> ReadS ListRetirableGrants
Prelude.Read, Int -> ListRetirableGrants -> ShowS
[ListRetirableGrants] -> ShowS
ListRetirableGrants -> String
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [ListRetirableGrants] -> ShowS
$cshowList :: [ListRetirableGrants] -> ShowS
show :: ListRetirableGrants -> String
$cshow :: ListRetirableGrants -> String
showsPrec :: Int -> ListRetirableGrants -> ShowS
$cshowsPrec :: Int -> ListRetirableGrants -> ShowS
Prelude.Show, forall x. Rep ListRetirableGrants x -> ListRetirableGrants
forall x. ListRetirableGrants -> Rep ListRetirableGrants x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x. Rep ListRetirableGrants x -> ListRetirableGrants
$cfrom :: forall x. ListRetirableGrants -> Rep ListRetirableGrants x
Prelude.Generic)

-- |
-- Create a value of 'ListRetirableGrants' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'limit', 'listRetirableGrants_limit' - Use this parameter to specify the maximum number of items to return.
-- When this value is present, KMS does not return more than the specified
-- number of items, but it might return fewer.
--
-- This value is optional. If you include a value, it must be between 1 and
-- 100, inclusive. If you do not include a value, it defaults to 50.
--
-- 'marker', 'listRetirableGrants_marker' - Use this parameter in a subsequent request after you receive a response
-- with truncated results. Set it to the value of @NextMarker@ from the
-- truncated response you just received.
--
-- 'retiringPrincipal', 'listRetirableGrants_retiringPrincipal' - The retiring principal for which to list grants. Enter a principal in
-- your Amazon Web Services account.
--
-- To specify the retiring principal, use the
-- <https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Name (ARN)>
-- of an Amazon Web Services principal. Valid Amazon Web Services
-- principals include Amazon Web Services accounts (root), IAM users,
-- federated users, and assumed role users. For examples of the ARN syntax
-- for specifying a principal, see
-- <https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-iam Amazon Web Services Identity and Access Management (IAM)>
-- in the Example ARNs section of the /Amazon Web Services General
-- Reference/.
newListRetirableGrants ::
  -- | 'retiringPrincipal'
  Prelude.Text ->
  ListRetirableGrants
newListRetirableGrants :: Text -> ListRetirableGrants
newListRetirableGrants Text
pRetiringPrincipal_ =
  ListRetirableGrants'
    { $sel:limit:ListRetirableGrants' :: Maybe Natural
limit = forall a. Maybe a
Prelude.Nothing,
      $sel:marker:ListRetirableGrants' :: Maybe Text
marker = forall a. Maybe a
Prelude.Nothing,
      $sel:retiringPrincipal:ListRetirableGrants' :: Text
retiringPrincipal = Text
pRetiringPrincipal_
    }

-- | Use this parameter to specify the maximum number of items to return.
-- When this value is present, KMS does not return more than the specified
-- number of items, but it might return fewer.
--
-- This value is optional. If you include a value, it must be between 1 and
-- 100, inclusive. If you do not include a value, it defaults to 50.
listRetirableGrants_limit :: Lens.Lens' ListRetirableGrants (Prelude.Maybe Prelude.Natural)
listRetirableGrants_limit :: Lens' ListRetirableGrants (Maybe Natural)
listRetirableGrants_limit = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\ListRetirableGrants' {Maybe Natural
limit :: Maybe Natural
$sel:limit:ListRetirableGrants' :: ListRetirableGrants -> Maybe Natural
limit} -> Maybe Natural
limit) (\s :: ListRetirableGrants
s@ListRetirableGrants' {} Maybe Natural
a -> ListRetirableGrants
s {$sel:limit:ListRetirableGrants' :: Maybe Natural
limit = Maybe Natural
a} :: ListRetirableGrants)

-- | Use this parameter in a subsequent request after you receive a response
-- with truncated results. Set it to the value of @NextMarker@ from the
-- truncated response you just received.
listRetirableGrants_marker :: Lens.Lens' ListRetirableGrants (Prelude.Maybe Prelude.Text)
listRetirableGrants_marker :: Lens' ListRetirableGrants (Maybe Text)
listRetirableGrants_marker = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\ListRetirableGrants' {Maybe Text
marker :: Maybe Text
$sel:marker:ListRetirableGrants' :: ListRetirableGrants -> Maybe Text
marker} -> Maybe Text
marker) (\s :: ListRetirableGrants
s@ListRetirableGrants' {} Maybe Text
a -> ListRetirableGrants
s {$sel:marker:ListRetirableGrants' :: Maybe Text
marker = Maybe Text
a} :: ListRetirableGrants)

-- | The retiring principal for which to list grants. Enter a principal in
-- your Amazon Web Services account.
--
-- To specify the retiring principal, use the
-- <https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Name (ARN)>
-- of an Amazon Web Services principal. Valid Amazon Web Services
-- principals include Amazon Web Services accounts (root), IAM users,
-- federated users, and assumed role users. For examples of the ARN syntax
-- for specifying a principal, see
-- <https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-iam Amazon Web Services Identity and Access Management (IAM)>
-- in the Example ARNs section of the /Amazon Web Services General
-- Reference/.
listRetirableGrants_retiringPrincipal :: Lens.Lens' ListRetirableGrants Prelude.Text
listRetirableGrants_retiringPrincipal :: Lens' ListRetirableGrants Text
listRetirableGrants_retiringPrincipal = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\ListRetirableGrants' {Text
retiringPrincipal :: Text
$sel:retiringPrincipal:ListRetirableGrants' :: ListRetirableGrants -> Text
retiringPrincipal} -> Text
retiringPrincipal) (\s :: ListRetirableGrants
s@ListRetirableGrants' {} Text
a -> ListRetirableGrants
s {$sel:retiringPrincipal:ListRetirableGrants' :: Text
retiringPrincipal = Text
a} :: ListRetirableGrants)

instance Core.AWSPager ListRetirableGrants where
  page :: ListRetirableGrants
-> AWSResponse ListRetirableGrants -> Maybe ListRetirableGrants
page ListRetirableGrants
rq AWSResponse ListRetirableGrants
rs
    | forall a. AWSTruncated a => a -> Bool
Core.stop
        ( AWSResponse ListRetirableGrants
rs
            forall s a. s -> Getting (First a) s a -> Maybe a
Lens.^? Lens' ListGrantsResponse (Maybe Bool)
listGrantsResponse_truncated
            forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. forall a b. Prism (Maybe a) (Maybe b) a b
Lens._Just
        ) =
        forall a. Maybe a
Prelude.Nothing
    | forall a. Maybe a -> Bool
Prelude.isNothing
        ( AWSResponse ListRetirableGrants
rs
            forall s a. s -> Getting (First a) s a -> Maybe a
Lens.^? Lens' ListGrantsResponse (Maybe Text)
listGrantsResponse_nextMarker
            forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. forall a b. Prism (Maybe a) (Maybe b) a b
Lens._Just
        ) =
        forall a. Maybe a
Prelude.Nothing
    | Bool
Prelude.otherwise =
        forall a. a -> Maybe a
Prelude.Just
          forall a b. (a -> b) -> a -> b
Prelude.$ ListRetirableGrants
rq
          forall a b. a -> (a -> b) -> b
Prelude.& Lens' ListRetirableGrants (Maybe Text)
listRetirableGrants_marker
          forall s t a b. ASetter s t a b -> b -> s -> t
Lens..~ AWSResponse ListRetirableGrants
rs
          forall s a. s -> Getting (First a) s a -> Maybe a
Lens.^? Lens' ListGrantsResponse (Maybe Text)
listGrantsResponse_nextMarker
          forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. forall a b. Prism (Maybe a) (Maybe b) a b
Lens._Just

instance Core.AWSRequest ListRetirableGrants where
  type
    AWSResponse ListRetirableGrants =
      ListGrantsResponse
  request :: (Service -> Service)
-> ListRetirableGrants -> Request ListRetirableGrants
request Service -> Service
overrides =
    forall a. (ToRequest a, ToJSON a) => Service -> a -> Request a
Request.postJSON (Service -> Service
overrides Service
defaultService)
  response :: forall (m :: * -> *).
MonadResource m =>
(ByteStringLazy -> IO ByteStringLazy)
-> Service
-> Proxy ListRetirableGrants
-> ClientResponse ClientBody
-> m (Either
        Error (ClientResponse (AWSResponse ListRetirableGrants)))
response =
    forall (m :: * -> *) a.
MonadResource m =>
(Int -> ResponseHeaders -> Object -> Either String (AWSResponse a))
-> (ByteStringLazy -> IO ByteStringLazy)
-> Service
-> Proxy a
-> ClientResponse ClientBody
-> m (Either Error (ClientResponse (AWSResponse a)))
Response.receiveJSON
      (\Int
s ResponseHeaders
h Object
x -> forall a. FromJSON a => Object -> Either String a
Data.eitherParseJSON Object
x)

instance Prelude.Hashable ListRetirableGrants where
  hashWithSalt :: Int -> ListRetirableGrants -> Int
hashWithSalt Int
_salt ListRetirableGrants' {Maybe Natural
Maybe Text
Text
retiringPrincipal :: Text
marker :: Maybe Text
limit :: Maybe Natural
$sel:retiringPrincipal:ListRetirableGrants' :: ListRetirableGrants -> Text
$sel:marker:ListRetirableGrants' :: ListRetirableGrants -> Maybe Text
$sel:limit:ListRetirableGrants' :: ListRetirableGrants -> Maybe Natural
..} =
    Int
_salt
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Maybe Natural
limit
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Maybe Text
marker
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Text
retiringPrincipal

instance Prelude.NFData ListRetirableGrants where
  rnf :: ListRetirableGrants -> ()
rnf ListRetirableGrants' {Maybe Natural
Maybe Text
Text
retiringPrincipal :: Text
marker :: Maybe Text
limit :: Maybe Natural
$sel:retiringPrincipal:ListRetirableGrants' :: ListRetirableGrants -> Text
$sel:marker:ListRetirableGrants' :: ListRetirableGrants -> Maybe Text
$sel:limit:ListRetirableGrants' :: ListRetirableGrants -> Maybe Natural
..} =
    forall a. NFData a => a -> ()
Prelude.rnf Maybe Natural
limit
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf Maybe Text
marker
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf Text
retiringPrincipal

instance Data.ToHeaders ListRetirableGrants where
  toHeaders :: ListRetirableGrants -> ResponseHeaders
toHeaders =
    forall a b. a -> b -> a
Prelude.const
      ( forall a. Monoid a => [a] -> a
Prelude.mconcat
          [ HeaderName
"X-Amz-Target"
              forall a. ToHeader a => HeaderName -> a -> ResponseHeaders
Data.=# ( ByteString
"TrentService.ListRetirableGrants" ::
                          Prelude.ByteString
                      ),
            HeaderName
"Content-Type"
              forall a. ToHeader a => HeaderName -> a -> ResponseHeaders
Data.=# ( ByteString
"application/x-amz-json-1.1" ::
                          Prelude.ByteString
                      )
          ]
      )

instance Data.ToJSON ListRetirableGrants where
  toJSON :: ListRetirableGrants -> Value
toJSON ListRetirableGrants' {Maybe Natural
Maybe Text
Text
retiringPrincipal :: Text
marker :: Maybe Text
limit :: Maybe Natural
$sel:retiringPrincipal:ListRetirableGrants' :: ListRetirableGrants -> Text
$sel:marker:ListRetirableGrants' :: ListRetirableGrants -> Maybe Text
$sel:limit:ListRetirableGrants' :: ListRetirableGrants -> Maybe Natural
..} =
    [Pair] -> Value
Data.object
      ( forall a. [Maybe a] -> [a]
Prelude.catMaybes
          [ (Key
"Limit" forall kv v. (KeyValue kv, ToJSON v) => Key -> v -> kv
Data..=) forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe Natural
limit,
            (Key
"Marker" forall kv v. (KeyValue kv, ToJSON v) => Key -> v -> kv
Data..=) forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe Text
marker,
            forall a. a -> Maybe a
Prelude.Just
              (Key
"RetiringPrincipal" forall kv v. (KeyValue kv, ToJSON v) => Key -> v -> kv
Data..= Text
retiringPrincipal)
          ]
      )

instance Data.ToPath ListRetirableGrants where
  toPath :: ListRetirableGrants -> ByteString
toPath = forall a b. a -> b -> a
Prelude.const ByteString
"/"

instance Data.ToQuery ListRetirableGrants where
  toQuery :: ListRetirableGrants -> QueryString
toQuery = forall a b. a -> b -> a
Prelude.const forall a. Monoid a => a
Prelude.mempty