-- Hoogle documentation, generated by Haddock
-- See Hoogle, http://www.haskell.org/hoogle/
-- | Please see the README on GitHub at
-- https://github.com/CollegeVine/confcrypt#readme
@package confcrypt
@version 0.1.0.2
-- | Core types and some small helper functions used to construct
-- ConfCrypt.
module ConfCrypt.Types
-- | The core transformer stack for ConfCrypt. The most important parts are
-- the ReaderT and ResourceT, as the WriterT and
-- ExceptT can both be replaced with explicit return types.
type ConfCryptM m ctx = ReaderT (ConfCryptFile, ctx) (WriterT [Text] (ExceptT ConfCryptError (ResourceT m)))
-- | The possible errors produced during a confcrypt operation.
data ConfCryptError
ParserError :: Text -> ConfCryptError
NonRSAKey :: ConfCryptError
KeyUnpackingError :: Text -> ConfCryptError
DecryptionError :: Text -> ConfCryptError
AWSDecryptionError :: Text -> ConfCryptError
AWSEncryptionError :: Text -> ConfCryptError
EncryptionError :: Error -> ConfCryptError
MissingLine :: Text -> ConfCryptError
UnknownParameter :: Text -> ConfCryptError
WrongFileAction :: Text -> ConfCryptError
CleanupError :: Text -> ConfCryptError
-- | As described in the Readme, a ConfCrypt file: its file name, the parsed
-- lines together with their line numbers, and the extracted parameters.
data ConfCryptFile
ConfCryptFile :: Text -> Map ConfCryptElement LineNumber -> [Parameter] -> ConfCryptFile
[fileName] :: ConfCryptFile -> Text
[fileContents] :: ConfCryptFile -> Map ConfCryptElement LineNumber
[parameters] :: ConfCryptFile -> [Parameter]
-- | A parameter consists of both a ParamLine and Schema line
-- from the confcrypt file.
data Parameter
Parameter :: Text -> Text -> Maybe SchemaType -> Parameter
[paramName] :: Parameter -> Text
[paramValue] :: Parameter -> Text
[paramType] :: Parameter -> Maybe SchemaType
-- | The syntax used to describe a confcrypt file. A line in a confcrypt
-- file may be one of Schema, ParamLine, or comment. The
-- grammar itself is described in the readme and Parser.
data ConfCryptElement
SchemaLine :: Schema -> ConfCryptElement
CommentLine :: Text -> ConfCryptElement
[cText] :: ConfCryptElement -> Text
ParameterLine :: ParamLine -> ConfCryptElement
-- | Self-explanatory: the line number of an element within a confcrypt file.
newtype LineNumber
LineNumber :: Int -> LineNumber
-- | Indicates which types a schema line may declare for a parameter's value.
data SchemaType
-- | Maps to String
CString :: SchemaType
-- | Maps to Int
CInt :: SchemaType
-- | Maps to Bool
CBoolean :: SchemaType
-- | A parsed parameter line from a confcrypt file
data ParamLine
ParamLine :: Text -> Text -> ParamLine
[pName] :: ParamLine -> Text
[pValue] :: ParamLine -> Text
-- | A parsed schema line from a confcrypt file
data Schema
Schema :: Text -> SchemaType -> Schema
[sName] :: Schema -> Text
[sType] :: Schema -> SchemaType
-- | This constraint provides a type-level check that the wrapped key type
-- is local to the current machine. For use with things like RSA keys.
class LocalKey key
-- | This constraint provides a type-level check that the wrapped key type
-- exists off-system inside an externally provided Key Management System
-- (KMS). For use with AWS KMS or Azure KMS.
class KMSKey key
-- | Attempts to unwrap a line from a confcrypt file into a Schema
unWrapSchema :: ConfCryptElement -> Maybe Schema
-- | Checks whether the provided line from a confcrypt file is a
-- Parameter
isParameter :: ConfCryptElement -> Bool
-- | A special purpose Show function for converting a SchemaType into its
-- textual representation.
typeToOutputString :: SchemaType -> Text
-- | Convert a parameter into a ParameterLine and SchemaLine
-- if possible.
parameterToLines :: Parameter -> (ParamLine, Maybe Schema)
instance Control.DeepSeq.NFData ConfCrypt.Types.ConfCryptFile
instance GHC.Generics.Generic ConfCrypt.Types.ConfCryptFile
instance GHC.Show.Show ConfCrypt.Types.ConfCryptFile
instance Control.DeepSeq.NFData ConfCrypt.Types.Parameter
instance GHC.Generics.Generic ConfCrypt.Types.Parameter
instance GHC.Show.Show ConfCrypt.Types.Parameter
instance GHC.Classes.Ord ConfCrypt.Types.Parameter
instance GHC.Classes.Eq ConfCrypt.Types.Parameter
instance Control.DeepSeq.NFData ConfCrypt.Types.ConfCryptElement
instance GHC.Generics.Generic ConfCrypt.Types.ConfCryptElement
instance GHC.Show.Show ConfCrypt.Types.ConfCryptElement
instance Control.DeepSeq.NFData ConfCrypt.Types.Schema
instance GHC.Generics.Generic ConfCrypt.Types.Schema
instance GHC.Show.Show ConfCrypt.Types.Schema
instance GHC.Classes.Ord ConfCrypt.Types.Schema
instance GHC.Classes.Eq ConfCrypt.Types.Schema
instance GHC.Read.Read ConfCrypt.Types.SchemaType
instance Control.DeepSeq.NFData ConfCrypt.Types.SchemaType
instance GHC.Generics.Generic ConfCrypt.Types.SchemaType
instance GHC.Show.Show ConfCrypt.Types.SchemaType
instance GHC.Classes.Ord ConfCrypt.Types.SchemaType
instance GHC.Classes.Eq ConfCrypt.Types.SchemaType
instance Control.DeepSeq.NFData ConfCrypt.Types.LineNumber
instance GHC.Generics.Generic ConfCrypt.Types.LineNumber
instance GHC.Show.Show ConfCrypt.Types.LineNumber
instance GHC.Classes.Ord ConfCrypt.Types.LineNumber
instance GHC.Classes.Eq ConfCrypt.Types.LineNumber
instance Control.DeepSeq.NFData ConfCrypt.Types.ParamLine
instance GHC.Generics.Generic ConfCrypt.Types.ParamLine
instance GHC.Show.Show ConfCrypt.Types.ParamLine
instance GHC.Classes.Ord ConfCrypt.Types.ParamLine
instance GHC.Classes.Eq ConfCrypt.Types.ParamLine
instance GHC.Classes.Ord ConfCrypt.Types.ConfCryptError
instance GHC.Classes.Eq ConfCrypt.Types.ConfCryptError
instance GHC.Generics.Generic ConfCrypt.Types.ConfCryptError
instance GHC.Show.Show ConfCrypt.Types.ConfCryptError
instance GHC.Classes.Eq ConfCrypt.Types.ConfCryptElement
instance GHC.Classes.Ord ConfCrypt.Types.ConfCryptElement
instance GHC.Classes.Ord Crypto.PubKey.RSA.Types.Error
module ConfCrypt.Providers.AWS
-- | Confcrypt requires the pair of KMSKeyId and Env to run
-- any operations in an AWS context.
data AWSCtx
AWSCtx :: Env -> KMSKeyId -> AWSCtx
[env] :: AWSCtx -> Env
[kmsKey] :: AWSCtx -> KMSKeyId
-- | Wraps a KMS key id. For more on KMS keys, see
-- https://docs.aws.amazon.com/kms/latest/developerguide/crypto-intro.html
newtype KMSKeyId
KMSKeyId :: Text -> KMSKeyId
[keyId] :: KMSKeyId -> Text
-- | Load the AWSCtx. It first checks for configuration in
-- environment variables, then a local config file. The discovery logic
-- is described in the AWS documentation.
loadAwsCtx :: (MonadIO m, MonadCatch m) => KMSKeyId -> m AWSCtx
instance GHC.Classes.Eq ConfCrypt.Providers.AWS.KMSKeyId
instance GHC.Show.Show ConfCrypt.Providers.AWS.KMSKeyId
instance Network.AWS.Env.HasEnv (ConfCrypt.Types.ConfCryptFile, ConfCrypt.Providers.AWS.AWSCtx)
module ConfCrypt.Parser
-- | Parse raw Text into a ConfCryptFile.
--
-- Duplicates are removed by virtue of using a Map. This means
-- the behavior for having duplicate parameter names is officially
-- undefined, but as implemented the last parameter read will be
-- preserved. DO NOT RELY ON THIS BEHAVIOR!
parseConfCrypt :: FilePath -> Text -> Either ConfCryptError ConfCryptFile
-- | This exposes the interface and instances for handling
-- encryption/decryption. The interface for each operation is
-- intentionally split.
module ConfCrypt.Encryption
-- | This class provides the ability to extract specific parts of a keypair
-- from a given RSA KeyPair
class KeyProjection key
project :: KeyProjection key => KeyPair -> key
-- | Represents the textual contents of any key stored on the local machine
data TextKey key
[TextKey] :: LocalKey key => key -> TextKey key
-- | Represents a KMS key remotely managed by a third party service
-- provider.
data RemoteKey key
[RemoteKey] :: KMSKey key => key -> RemoteKey key
data Encrypted
renderEncrypted :: Encrypted -> Text
-- | The interface for encrypting a value is simply a function from a key +
-- plaintext -> ciphertext.
class (Monad m, MonadError ConfCryptError m) => MonadEncrypt m k
-- | Encrypts a value and either returns the ciphertext or throws a
-- ConfCryptError
encryptValue :: MonadEncrypt m k => k -> Text -> m Text
-- | Decrypts an encrypted block of text
class (Monad m, MonadError ConfCryptError m) => MonadDecrypt m k
-- | Given a key and some encrypted ciphertext, returns either the
-- decrypted plaintext or raises a ConfCryptError
decryptValue :: MonadDecrypt m k => k -> Text -> m Text
-- | Given a file on disk that contains the textual representation of an
-- RSA private key (as generated by openssh or ssh-keygen), extract the
-- key from the file and project it into the type of key required.
loadRSAKey :: (MonadIO m, Monad m, MonadError ConfCryptError m, KeyProjection key) => FilePath -> m key
-- | A private function to actually unpack the RSA key. Intended only for
-- testing, although it is exported from this module.
unpackPrivateRSAKey :: (MonadError ConfCryptError m) => ByteString -> m KeyPair
instance GHC.Show.Show ConfCrypt.Encryption.Encrypted
instance GHC.Classes.Eq ConfCrypt.Encryption.Encrypted
instance ConfCrypt.Encryption.MonadDecrypt (ConfCrypt.Types.ConfCryptM GHC.Types.IO (ConfCrypt.Encryption.RemoteKey ConfCrypt.Providers.AWS.AWSCtx)) (ConfCrypt.Encryption.RemoteKey ConfCrypt.Providers.AWS.AWSCtx)
instance ConfCrypt.Encryption.MonadEncrypt (ConfCrypt.Types.ConfCryptM GHC.Types.IO (ConfCrypt.Encryption.RemoteKey ConfCrypt.Providers.AWS.AWSCtx)) (ConfCrypt.Encryption.RemoteKey ConfCrypt.Providers.AWS.AWSCtx)
instance (GHC.Base.Monad m, Crypto.Random.Types.MonadRandom m, Control.Monad.Error.Class.MonadError ConfCrypt.Types.ConfCryptError m) => ConfCrypt.Encryption.MonadEncrypt m Crypto.PubKey.RSA.Types.PublicKey
instance (Crypto.Random.Types.MonadRandom m, Control.Monad.Error.Class.MonadError ConfCrypt.Types.ConfCryptError m, GHC.Base.Monad m) => ConfCrypt.Encryption.MonadEncrypt m (ConfCrypt.Encryption.TextKey Crypto.PubKey.RSA.Types.PublicKey)
instance (GHC.Base.Monad m, Control.Monad.Error.Class.MonadError ConfCrypt.Types.ConfCryptError m) => ConfCrypt.Encryption.MonadDecrypt m Crypto.PubKey.RSA.Types.PrivateKey
instance (Control.Monad.Error.Class.MonadError ConfCrypt.Types.ConfCryptError m, GHC.Base.Monad m) => ConfCrypt.Encryption.MonadDecrypt m (ConfCrypt.Encryption.TextKey Crypto.PubKey.RSA.Types.PrivateKey)
instance ConfCrypt.Encryption.KeyProjection Crypto.PubKey.RSA.Types.PublicKey
instance ConfCrypt.Encryption.KeyProjection Crypto.PubKey.RSA.Types.PrivateKey
instance ConfCrypt.Types.LocalKey Crypto.PubKey.RSA.Types.PublicKey
instance ConfCrypt.Types.LocalKey Crypto.PubKey.RSA.Types.PrivateKey
instance Crypto.Random.Types.MonadRandom m => Crypto.Random.Types.MonadRandom (ConfCrypt.Types.ConfCryptM m k)
instance Crypto.Random.Types.MonadRandom m => Crypto.Random.Types.MonadRandom (Control.Monad.Trans.Except.ExceptT e m)
instance ConfCrypt.Types.KMSKey ConfCrypt.Providers.AWS.AWSCtx
module ConfCrypt.Default
-- | Printed out on request as an example or starting point for new users.
defaultConf :: Text
-- | Extracts the plaintext from defaultConf into a populated config
defaultLines :: ConfCryptFile
-- | The standard empty config
emptyConfCryptFile :: ConfCryptFile
module ConfCrypt.Validation
-- | Apply all validation rules, accumulating the errors across rules.
runAllRules :: (MonadDecrypt m key, Monad m, MonadWriter [Text] m, MonadReader (ConfCryptFile, key) m) => m ()
-- | For each (Schema, Parameter) pair, confirm that the parameter's value
-- type matches the schema.
parameterTypesMatchSchema :: (Monad m, MonadWriter [Text] m, MonadDecrypt m key) => key -> ConfCryptFile -> m ()
-- | Raise an error if there are parameters without a schema
logMissingSchemas :: (Monad m, MonadWriter [Text] m) => ConfCryptFile -> m ()
-- | Raise an error if there are schema without a parameter
logMissingParameters :: (Monad m, MonadWriter [Text] m) => ConfCryptFile -> m ()
module ConfCrypt.Commands
-- | All confcrypt commands can be generalized into an evaluate
-- call. In reality, instances likely need to provide some environment,
-- although that's not required as everything could be contained as
-- record fields of the command argument itself.
--
-- In reality the return type of evaluate is Text;
-- this needs to be cleaned up in the upcoming version.
class Monad m => Command a m
evaluate :: Command a m => a -> m ()
-- | Read and return the full contents of an encrypted file. Provides
-- support for using a local RSA key or an external KMS service.
data ReadConfCrypt
ReadConfCrypt :: ReadConfCrypt
-- | Used to add a new config parameter to the file
data AddConfCrypt
AddConfCrypt :: Text -> Text -> SchemaType -> AddConfCrypt
[aName] :: AddConfCrypt -> Text
[aValue] :: AddConfCrypt -> Text
[aType] :: AddConfCrypt -> SchemaType
-- | Modify the value or type of a parameter in-place. This should result
-- in a diff touching only the impacted lines. Very important that this
-- property holds to make reviews easier.
data EditConfCrypt
EditConfCrypt :: Text -> Text -> SchemaType -> EditConfCrypt
[eName] :: EditConfCrypt -> Text
[eValue] :: EditConfCrypt -> Text
[eType] :: EditConfCrypt -> SchemaType
-- | Removes a particular parameter and schema from the config file. This
-- does not require an encryption key because the lines may simply be
-- deleted based on the parameter name.
data DeleteConfCrypt
DeleteConfCrypt :: Text -> DeleteConfCrypt
[dName] :: DeleteConfCrypt -> Text
-- | Run all of the rules in Validation on this file.
data ValidateConfCrypt
ValidateConfCrypt :: ValidateConfCrypt
-- | Dumps the contents of defaultLines to the output buffer. This
-- is the same example config used in the readme.
data NewConfCrypt
NewConfCrypt :: NewConfCrypt
-- | Commands may perform one of the following operations to a line of a
-- confcrypt file
data FileAction
Add :: FileAction
Edit :: FileAction
Remove :: FileAction
-- | Given a known file state and some edits, apply the edits and produce
-- the new file contents
genNewFileState :: (Monad m, MonadError ConfCryptError m) => Map ConfCryptElement LineNumber -> [(ConfCryptElement, FileAction)] -> m (Map ConfCryptElement LineNumber)
-- | Writes the provided ConfCryptFile (provided as a Map) to the
-- output buffer in line-number order. This allows for producing an
-- easily diffable output and makes in-place edits easy to spot in source
-- control diffs.
writeFullContentsToBuffer :: (Monad m, MonadWriter [Text] m) => Bool -> Map ConfCryptElement LineNumber -> m ()
instance GHC.Generics.Generic ConfCrypt.Commands.DeleteConfCrypt
instance GHC.Show.Show ConfCrypt.Commands.DeleteConfCrypt
instance GHC.Read.Read ConfCrypt.Commands.DeleteConfCrypt
instance GHC.Classes.Eq ConfCrypt.Commands.DeleteConfCrypt
instance GHC.Generics.Generic ConfCrypt.Commands.EditConfCrypt
instance GHC.Show.Show ConfCrypt.Commands.EditConfCrypt
instance GHC.Read.Read ConfCrypt.Commands.EditConfCrypt
instance GHC.Classes.Eq ConfCrypt.Commands.EditConfCrypt
instance GHC.Generics.Generic ConfCrypt.Commands.AddConfCrypt
instance GHC.Show.Show ConfCrypt.Commands.AddConfCrypt
instance GHC.Read.Read ConfCrypt.Commands.AddConfCrypt
instance GHC.Classes.Eq ConfCrypt.Commands.AddConfCrypt
instance GHC.Base.Monad m => ConfCrypt.Commands.Command ConfCrypt.Commands.NewConfCrypt (ConfCrypt.Types.ConfCryptM m ())
instance (GHC.Base.Monad m, ConfCrypt.Encryption.MonadDecrypt (ConfCrypt.Types.ConfCryptM m key) key) => ConfCrypt.Commands.Command ConfCrypt.Commands.ValidateConfCrypt (ConfCrypt.Types.ConfCryptM m key)
instance GHC.Base.Monad m => ConfCrypt.Commands.Command ConfCrypt.Commands.DeleteConfCrypt (ConfCrypt.Types.ConfCryptM m ())
instance (GHC.Base.Monad m, Crypto.Random.Types.MonadRandom m, ConfCrypt.Encryption.MonadEncrypt (ConfCrypt.Types.ConfCryptM m key) key) => ConfCrypt.Commands.Command ConfCrypt.Commands.EditConfCrypt (ConfCrypt.Types.ConfCryptM m key)
instance (GHC.Base.Monad m, Crypto.Random.Types.MonadRandom m, ConfCrypt.Encryption.MonadEncrypt (ConfCrypt.Types.ConfCryptM m key) key) => ConfCrypt.Commands.Command ConfCrypt.Commands.AddConfCrypt (ConfCrypt.Types.ConfCryptM m key)
instance (GHC.Base.Monad m, ConfCrypt.Encryption.MonadDecrypt (ConfCrypt.Types.ConfCryptM m key) key) => ConfCrypt.Commands.Command ConfCrypt.Commands.ReadConfCrypt (ConfCrypt.Types.ConfCryptM m key)