{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE TypeFamilies #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-binds #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.KMS.UpdateAlias
-- Copyright   : (c) 2013-2023 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
--
-- Associates an existing KMS alias with a different KMS key. Each alias is
-- associated with only one KMS key at a time, although a KMS key can have
-- multiple aliases. The alias and the KMS key must be in the same Amazon
-- Web Services account and Region.
--
-- Adding, deleting, or updating an alias can allow or deny permission to
-- the KMS key. For details, see
-- <https://docs.aws.amazon.com/kms/latest/developerguide/abac.html ABAC for KMS>
-- in the /Key Management Service Developer Guide/.
--
-- The current and new KMS key must be the same type (both symmetric or
-- both asymmetric or both HMAC), and they must have the same key usage.
-- This restriction prevents errors in code that uses aliases. If you must
-- assign an alias to a different type of KMS key, use DeleteAlias to
-- delete the old alias and CreateAlias to create a new alias.
--
-- You cannot use @UpdateAlias@ to change an alias name. To change an alias
-- name, use DeleteAlias to delete the old alias and CreateAlias to create
-- a new alias.
--
-- Because an alias is not a property of a KMS key, you can create, update,
-- and delete the aliases of a KMS key without affecting the KMS key. Also,
-- aliases do not appear in the response from the DescribeKey operation. To
-- get the aliases of all KMS keys in the account, use the ListAliases
-- operation.
--
-- The KMS key that you use for this operation must be in a compatible key
-- state. For details, see
-- <https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html Key states of KMS keys>
-- in the /Key Management Service Developer Guide/.
--
-- __Cross-account use__: No. You cannot perform this operation on a KMS
-- key in a different Amazon Web Services account.
--
-- __Required permissions__
--
-- -   <https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html kms:UpdateAlias>
--     on the alias (IAM policy).
--
-- -   <https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html kms:UpdateAlias>
--     on the current KMS key (key policy).
--
-- -   <https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html kms:UpdateAlias>
--     on the new KMS key (key policy).
--
-- For details, see
-- <https://docs.aws.amazon.com/kms/latest/developerguide/kms-alias.html#alias-access Controlling access to aliases>
-- in the /Key Management Service Developer Guide/.
--
-- __Related operations:__
--
-- -   CreateAlias
--
-- -   DeleteAlias
--
-- -   ListAliases
module Amazonka.KMS.UpdateAlias
  ( -- * Creating a Request
    UpdateAlias (..),
    newUpdateAlias,

    -- * Request Lenses
    updateAlias_aliasName,
    updateAlias_targetKeyId,

    -- * Destructuring the Response
    UpdateAliasResponse (..),
    newUpdateAliasResponse,
  )
where

import qualified Amazonka.Core as Core
import qualified Amazonka.Core.Lens.Internal as Lens
import qualified Amazonka.Data as Data
import Amazonka.KMS.Types
import qualified Amazonka.Prelude as Prelude
import qualified Amazonka.Request as Request
import qualified Amazonka.Response as Response

-- | /See:/ 'newUpdateAlias' smart constructor.
data UpdateAlias = UpdateAlias'
  { -- | Identifies the alias that is changing its KMS key. This value must begin
    -- with @alias\/@ followed by the alias name, such as
    -- @alias\/ExampleAlias@. You cannot use @UpdateAlias@ to change the alias
    -- name.
    UpdateAlias -> Text
aliasName :: Prelude.Text,
    -- | Identifies the
    -- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk customer managed key>
    -- to associate with the alias. You don\'t have permission to associate an
    -- alias with an
    -- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk Amazon Web Services managed key>.
    --
    -- The KMS key must be in the same Amazon Web Services account and Region
    -- as the alias. Also, the new target KMS key must be the same type as the
    -- current target KMS key (both symmetric or both asymmetric or both HMAC)
    -- and they must have the same key usage.
    --
    -- Specify the key ID or key ARN of the KMS key.
    --
    -- For example:
    --
    -- -   Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@
    --
    -- -   Key ARN:
    --     @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@
    --
    -- To get the key ID and key ARN for a KMS key, use ListKeys or
    -- DescribeKey.
    --
    -- To verify that the alias is mapped to the correct KMS key, use
    -- ListAliases.
    UpdateAlias -> Text
targetKeyId :: Prelude.Text
  }
  deriving (UpdateAlias -> UpdateAlias -> Bool
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: UpdateAlias -> UpdateAlias -> Bool
$c/= :: UpdateAlias -> UpdateAlias -> Bool
== :: UpdateAlias -> UpdateAlias -> Bool
$c== :: UpdateAlias -> UpdateAlias -> Bool
Prelude.Eq, ReadPrec [UpdateAlias]
ReadPrec UpdateAlias
Int -> ReadS UpdateAlias
ReadS [UpdateAlias]
forall a.
(Int -> ReadS a)
-> ReadS [a] -> ReadPrec a -> ReadPrec [a] -> Read a
readListPrec :: ReadPrec [UpdateAlias]
$creadListPrec :: ReadPrec [UpdateAlias]
readPrec :: ReadPrec UpdateAlias
$creadPrec :: ReadPrec UpdateAlias
readList :: ReadS [UpdateAlias]
$creadList :: ReadS [UpdateAlias]
readsPrec :: Int -> ReadS UpdateAlias
$creadsPrec :: Int -> ReadS UpdateAlias
Prelude.Read, Int -> UpdateAlias -> ShowS
[UpdateAlias] -> ShowS
UpdateAlias -> String
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [UpdateAlias] -> ShowS
$cshowList :: [UpdateAlias] -> ShowS
show :: UpdateAlias -> String
$cshow :: UpdateAlias -> String
showsPrec :: Int -> UpdateAlias -> ShowS
$cshowsPrec :: Int -> UpdateAlias -> ShowS
Prelude.Show, forall x. Rep UpdateAlias x -> UpdateAlias
forall x. UpdateAlias -> Rep UpdateAlias x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x. Rep UpdateAlias x -> UpdateAlias
$cfrom :: forall x. UpdateAlias -> Rep UpdateAlias x
Prelude.Generic)

-- |
-- Create a value of 'UpdateAlias' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'aliasName', 'updateAlias_aliasName' - Identifies the alias that is changing its KMS key. This value must begin
-- with @alias\/@ followed by the alias name, such as
-- @alias\/ExampleAlias@. You cannot use @UpdateAlias@ to change the alias
-- name.
--
-- 'targetKeyId', 'updateAlias_targetKeyId' - Identifies the
-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk customer managed key>
-- to associate with the alias. You don\'t have permission to associate an
-- alias with an
-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk Amazon Web Services managed key>.
--
-- The KMS key must be in the same Amazon Web Services account and Region
-- as the alias. Also, the new target KMS key must be the same type as the
-- current target KMS key (both symmetric or both asymmetric or both HMAC)
-- and they must have the same key usage.
--
-- Specify the key ID or key ARN of the KMS key.
--
-- For example:
--
-- -   Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@
--
-- -   Key ARN:
--     @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@
--
-- To get the key ID and key ARN for a KMS key, use ListKeys or
-- DescribeKey.
--
-- To verify that the alias is mapped to the correct KMS key, use
-- ListAliases.
newUpdateAlias ::
  -- | 'aliasName'
  Prelude.Text ->
  -- | 'targetKeyId'
  Prelude.Text ->
  UpdateAlias
newUpdateAlias :: Text -> Text -> UpdateAlias
newUpdateAlias Text
pAliasName_ Text
pTargetKeyId_ =
  UpdateAlias'
    { $sel:aliasName:UpdateAlias' :: Text
aliasName = Text
pAliasName_,
      $sel:targetKeyId:UpdateAlias' :: Text
targetKeyId = Text
pTargetKeyId_
    }

-- | Identifies the alias that is changing its KMS key. This value must begin
-- with @alias\/@ followed by the alias name, such as
-- @alias\/ExampleAlias@. You cannot use @UpdateAlias@ to change the alias
-- name.
updateAlias_aliasName :: Lens.Lens' UpdateAlias Prelude.Text
updateAlias_aliasName :: Lens' UpdateAlias Text
updateAlias_aliasName = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\UpdateAlias' {Text
aliasName :: Text
$sel:aliasName:UpdateAlias' :: UpdateAlias -> Text
aliasName} -> Text
aliasName) (\s :: UpdateAlias
s@UpdateAlias' {} Text
a -> UpdateAlias
s {$sel:aliasName:UpdateAlias' :: Text
aliasName = Text
a} :: UpdateAlias)

-- | Identifies the
-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk customer managed key>
-- to associate with the alias. You don\'t have permission to associate an
-- alias with an
-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk Amazon Web Services managed key>.
--
-- The KMS key must be in the same Amazon Web Services account and Region
-- as the alias. Also, the new target KMS key must be the same type as the
-- current target KMS key (both symmetric or both asymmetric or both HMAC)
-- and they must have the same key usage.
--
-- Specify the key ID or key ARN of the KMS key.
--
-- For example:
--
-- -   Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@
--
-- -   Key ARN:
--     @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@
--
-- To get the key ID and key ARN for a KMS key, use ListKeys or
-- DescribeKey.
--
-- To verify that the alias is mapped to the correct KMS key, use
-- ListAliases.
updateAlias_targetKeyId :: Lens.Lens' UpdateAlias Prelude.Text
updateAlias_targetKeyId :: Lens' UpdateAlias Text
updateAlias_targetKeyId = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\UpdateAlias' {Text
targetKeyId :: Text
$sel:targetKeyId:UpdateAlias' :: UpdateAlias -> Text
targetKeyId} -> Text
targetKeyId) (\s :: UpdateAlias
s@UpdateAlias' {} Text
a -> UpdateAlias
s {$sel:targetKeyId:UpdateAlias' :: Text
targetKeyId = Text
a} :: UpdateAlias)

instance Core.AWSRequest UpdateAlias where
  type AWSResponse UpdateAlias = UpdateAliasResponse
  request :: (Service -> Service) -> UpdateAlias -> Request UpdateAlias
request Service -> Service
overrides =
    forall a. (ToRequest a, ToJSON a) => Service -> a -> Request a
Request.postJSON (Service -> Service
overrides Service
defaultService)
  response :: forall (m :: * -> *).
MonadResource m =>
(ByteStringLazy -> IO ByteStringLazy)
-> Service
-> Proxy UpdateAlias
-> ClientResponse ClientBody
-> m (Either Error (ClientResponse (AWSResponse UpdateAlias)))
response = forall (m :: * -> *) a.
MonadResource m =>
AWSResponse a
-> (ByteStringLazy -> IO ByteStringLazy)
-> Service
-> Proxy a
-> ClientResponse ClientBody
-> m (Either Error (ClientResponse (AWSResponse a)))
Response.receiveNull UpdateAliasResponse
UpdateAliasResponse'

instance Prelude.Hashable UpdateAlias where
  hashWithSalt :: Int -> UpdateAlias -> Int
hashWithSalt Int
_salt UpdateAlias' {Text
targetKeyId :: Text
aliasName :: Text
$sel:targetKeyId:UpdateAlias' :: UpdateAlias -> Text
$sel:aliasName:UpdateAlias' :: UpdateAlias -> Text
..} =
    Int
_salt
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Text
aliasName
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Text
targetKeyId

instance Prelude.NFData UpdateAlias where
  rnf :: UpdateAlias -> ()
rnf UpdateAlias' {Text
targetKeyId :: Text
aliasName :: Text
$sel:targetKeyId:UpdateAlias' :: UpdateAlias -> Text
$sel:aliasName:UpdateAlias' :: UpdateAlias -> Text
..} =
    forall a. NFData a => a -> ()
Prelude.rnf Text
aliasName
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf Text
targetKeyId

instance Data.ToHeaders UpdateAlias where
  toHeaders :: UpdateAlias -> [Header]
toHeaders =
    forall a b. a -> b -> a
Prelude.const
      ( forall a. Monoid a => [a] -> a
Prelude.mconcat
          [ HeaderName
"X-Amz-Target"
              forall a. ToHeader a => HeaderName -> a -> [Header]
Data.=# (ByteString
"TrentService.UpdateAlias" :: Prelude.ByteString),
            HeaderName
"Content-Type"
              forall a. ToHeader a => HeaderName -> a -> [Header]
Data.=# ( ByteString
"application/x-amz-json-1.1" ::
                          Prelude.ByteString
                      )
          ]
      )

instance Data.ToJSON UpdateAlias where
  toJSON :: UpdateAlias -> Value
toJSON UpdateAlias' {Text
targetKeyId :: Text
aliasName :: Text
$sel:targetKeyId:UpdateAlias' :: UpdateAlias -> Text
$sel:aliasName:UpdateAlias' :: UpdateAlias -> Text
..} =
    [Pair] -> Value
Data.object
      ( forall a. [Maybe a] -> [a]
Prelude.catMaybes
          [ forall a. a -> Maybe a
Prelude.Just (Key
"AliasName" forall kv v. (KeyValue kv, ToJSON v) => Key -> v -> kv
Data..= Text
aliasName),
            forall a. a -> Maybe a
Prelude.Just (Key
"TargetKeyId" forall kv v. (KeyValue kv, ToJSON v) => Key -> v -> kv
Data..= Text
targetKeyId)
          ]
      )

instance Data.ToPath UpdateAlias where
  toPath :: UpdateAlias -> ByteString
toPath = forall a b. a -> b -> a
Prelude.const ByteString
"/"

instance Data.ToQuery UpdateAlias where
  toQuery :: UpdateAlias -> QueryString
toQuery = forall a b. a -> b -> a
Prelude.const forall a. Monoid a => a
Prelude.mempty

-- | /See:/ 'newUpdateAliasResponse' smart constructor.
data UpdateAliasResponse = UpdateAliasResponse'
  {
  }
  deriving (UpdateAliasResponse -> UpdateAliasResponse -> Bool
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: UpdateAliasResponse -> UpdateAliasResponse -> Bool
$c/= :: UpdateAliasResponse -> UpdateAliasResponse -> Bool
== :: UpdateAliasResponse -> UpdateAliasResponse -> Bool
$c== :: UpdateAliasResponse -> UpdateAliasResponse -> Bool
Prelude.Eq, ReadPrec [UpdateAliasResponse]
ReadPrec UpdateAliasResponse
Int -> ReadS UpdateAliasResponse
ReadS [UpdateAliasResponse]
forall a.
(Int -> ReadS a)
-> ReadS [a] -> ReadPrec a -> ReadPrec [a] -> Read a
readListPrec :: ReadPrec [UpdateAliasResponse]
$creadListPrec :: ReadPrec [UpdateAliasResponse]
readPrec :: ReadPrec UpdateAliasResponse
$creadPrec :: ReadPrec UpdateAliasResponse
readList :: ReadS [UpdateAliasResponse]
$creadList :: ReadS [UpdateAliasResponse]
readsPrec :: Int -> ReadS UpdateAliasResponse
$creadsPrec :: Int -> ReadS UpdateAliasResponse
Prelude.Read, Int -> UpdateAliasResponse -> ShowS
[UpdateAliasResponse] -> ShowS
UpdateAliasResponse -> String
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [UpdateAliasResponse] -> ShowS
$cshowList :: [UpdateAliasResponse] -> ShowS
show :: UpdateAliasResponse -> String
$cshow :: UpdateAliasResponse -> String
showsPrec :: Int -> UpdateAliasResponse -> ShowS
$cshowsPrec :: Int -> UpdateAliasResponse -> ShowS
Prelude.Show, forall x. Rep UpdateAliasResponse x -> UpdateAliasResponse
forall x. UpdateAliasResponse -> Rep UpdateAliasResponse x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x. Rep UpdateAliasResponse x -> UpdateAliasResponse
$cfrom :: forall x. UpdateAliasResponse -> Rep UpdateAliasResponse x
Prelude.Generic)

-- |
-- Create a value of 'UpdateAliasResponse' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
newUpdateAliasResponse ::
  UpdateAliasResponse
newUpdateAliasResponse :: UpdateAliasResponse
newUpdateAliasResponse = UpdateAliasResponse
UpdateAliasResponse'

instance Prelude.NFData UpdateAliasResponse where
  rnf :: UpdateAliasResponse -> ()
rnf UpdateAliasResponse
_ = ()