{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE TypeFamilies #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-binds #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.CertificateManagerPCA.CreateCertificateAuthority
-- Copyright   : (c) 2013-2021 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
--
-- Creates a root or subordinate private certificate authority (CA). You
-- must specify the CA configuration, an optional configuration for Online
-- Certificate Status Protocol (OCSP) and\/or a certificate revocation list
-- (CRL), the CA type, and an optional idempotency token to avoid
-- accidental creation of multiple CAs. The CA configuration specifies the
-- name of the algorithm and key size to be used to create the CA private
-- key, the type of signing algorithm that the CA uses, and X.500 subject
-- information. The OCSP configuration can optionally specify a custom URL
-- for the OCSP responder. The CRL configuration specifies the CRL
-- expiration period in days (the validity period of the CRL), the Amazon
-- S3 bucket that will contain the CRL, and a CNAME alias for the S3 bucket
-- that is included in certificates issued by the CA. If successful, this
-- action returns the Amazon Resource Name (ARN) of the CA.
--
-- ACM Private CA assets that are stored in Amazon S3 can be protected with
-- encryption. For more information, see
-- <https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaCreateCa.html#crl-encryption Encrypting Your CRLs>.
--
-- Both PCA and the IAM principal must have permission to write to the S3
-- bucket that you specify. If the IAM principal making the call does not
-- have permission to write to the bucket, then an exception is thrown. For
-- more information, see
-- <https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaAuthAccess.html Configure Access to ACM Private CA>.
module Amazonka.CertificateManagerPCA.CreateCertificateAuthority
  ( -- * Creating a Request
    CreateCertificateAuthority (..),
    newCreateCertificateAuthority,

    -- * Request Lenses
    createCertificateAuthority_idempotencyToken,
    createCertificateAuthority_keyStorageSecurityStandard,
    createCertificateAuthority_revocationConfiguration,
    createCertificateAuthority_tags,
    createCertificateAuthority_certificateAuthorityConfiguration,
    createCertificateAuthority_certificateAuthorityType,

    -- * Destructuring the Response
    CreateCertificateAuthorityResponse (..),
    newCreateCertificateAuthorityResponse,

    -- * Response Lenses
    createCertificateAuthorityResponse_certificateAuthorityArn,
    createCertificateAuthorityResponse_httpStatus,
  )
where

import Amazonka.CertificateManagerPCA.Types
import qualified Amazonka.Core as Core
import qualified Amazonka.Lens as Lens
import qualified Amazonka.Prelude as Prelude
import qualified Amazonka.Request as Request
import qualified Amazonka.Response as Response

-- | /See:/ 'newCreateCertificateAuthority' smart constructor.
data CreateCertificateAuthority = CreateCertificateAuthority'
  { -- | Custom string that can be used to distinguish between calls to the
    -- __CreateCertificateAuthority__ action. Idempotency tokens for
    -- __CreateCertificateAuthority__ time out after five minutes. Therefore,
    -- if you call __CreateCertificateAuthority__ multiple times with the same
    -- idempotency token within five minutes, ACM Private CA recognizes that
    -- you are requesting only certificate authority and will issue only one.
    -- If you change the idempotency token for each call, PCA recognizes that
    -- you are requesting multiple certificate authorities.
    CreateCertificateAuthority -> Maybe Text
idempotencyToken :: Prelude.Maybe Prelude.Text,
    -- | Specifies a cryptographic key management compliance standard used for
    -- handling CA keys.
    --
    -- Default: FIPS_140_2_LEVEL_3_OR_HIGHER
    --
    -- Note: @FIPS_140_2_LEVEL_3_OR_HIGHER@ is not supported in Region
    -- ap-northeast-3. When creating a CA in the ap-northeast-3, you must
    -- provide @FIPS_140_2_LEVEL_2_OR_HIGHER@ as the argument for
    -- @KeyStorageSecurityStandard@. Failure to do this results in an
    -- @InvalidArgsException@ with the message, \"A certificate authority
    -- cannot be created in this region with the specified security standard.\"
    CreateCertificateAuthority -> Maybe KeyStorageSecurityStandard
keyStorageSecurityStandard :: Prelude.Maybe KeyStorageSecurityStandard,
    -- | Contains information to enable Online Certificate Status Protocol (OCSP)
    -- support, to enable a certificate revocation list (CRL), to enable both,
    -- or to enable neither. The default is for both certificate validation
    -- mechanisms to be disabled. For more information, see the
    -- <https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_OcspConfiguration.html OcspConfiguration>
    -- and
    -- <https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CrlConfiguration.html CrlConfiguration>
    -- types.
    CreateCertificateAuthority -> Maybe RevocationConfiguration
revocationConfiguration :: Prelude.Maybe RevocationConfiguration,
    -- | Key-value pairs that will be attached to the new private CA. You can
    -- associate up to 50 tags with a private CA. For information using tags
    -- with IAM to manage permissions, see
    -- <https://docs.aws.amazon.com/IAM/latest/UserGuide/access_iam-tags.html Controlling Access Using IAM Tags>.
    CreateCertificateAuthority -> Maybe (NonEmpty Tag)
tags :: Prelude.Maybe (Prelude.NonEmpty Tag),
    -- | Name and bit size of the private key algorithm, the name of the signing
    -- algorithm, and X.500 certificate subject information.
    CreateCertificateAuthority -> CertificateAuthorityConfiguration
certificateAuthorityConfiguration :: CertificateAuthorityConfiguration,
    -- | The type of the certificate authority.
    CreateCertificateAuthority -> CertificateAuthorityType
certificateAuthorityType :: CertificateAuthorityType
  }
  deriving (CreateCertificateAuthority -> CreateCertificateAuthority -> Bool
(CreateCertificateAuthority -> CreateCertificateAuthority -> Bool)
-> (CreateCertificateAuthority
    -> CreateCertificateAuthority -> Bool)
-> Eq CreateCertificateAuthority
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: CreateCertificateAuthority -> CreateCertificateAuthority -> Bool
$c/= :: CreateCertificateAuthority -> CreateCertificateAuthority -> Bool
== :: CreateCertificateAuthority -> CreateCertificateAuthority -> Bool
$c== :: CreateCertificateAuthority -> CreateCertificateAuthority -> Bool
Prelude.Eq, ReadPrec [CreateCertificateAuthority]
ReadPrec CreateCertificateAuthority
Int -> ReadS CreateCertificateAuthority
ReadS [CreateCertificateAuthority]
(Int -> ReadS CreateCertificateAuthority)
-> ReadS [CreateCertificateAuthority]
-> ReadPrec CreateCertificateAuthority
-> ReadPrec [CreateCertificateAuthority]
-> Read CreateCertificateAuthority
forall a.
(Int -> ReadS a)
-> ReadS [a] -> ReadPrec a -> ReadPrec [a] -> Read a
readListPrec :: ReadPrec [CreateCertificateAuthority]
$creadListPrec :: ReadPrec [CreateCertificateAuthority]
readPrec :: ReadPrec CreateCertificateAuthority
$creadPrec :: ReadPrec CreateCertificateAuthority
readList :: ReadS [CreateCertificateAuthority]
$creadList :: ReadS [CreateCertificateAuthority]
readsPrec :: Int -> ReadS CreateCertificateAuthority
$creadsPrec :: Int -> ReadS CreateCertificateAuthority
Prelude.Read, Int -> CreateCertificateAuthority -> ShowS
[CreateCertificateAuthority] -> ShowS
CreateCertificateAuthority -> String
(Int -> CreateCertificateAuthority -> ShowS)
-> (CreateCertificateAuthority -> String)
-> ([CreateCertificateAuthority] -> ShowS)
-> Show CreateCertificateAuthority
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [CreateCertificateAuthority] -> ShowS
$cshowList :: [CreateCertificateAuthority] -> ShowS
show :: CreateCertificateAuthority -> String
$cshow :: CreateCertificateAuthority -> String
showsPrec :: Int -> CreateCertificateAuthority -> ShowS
$cshowsPrec :: Int -> CreateCertificateAuthority -> ShowS
Prelude.Show, (forall x.
 CreateCertificateAuthority -> Rep CreateCertificateAuthority x)
-> (forall x.
    Rep CreateCertificateAuthority x -> CreateCertificateAuthority)
-> Generic CreateCertificateAuthority
forall x.
Rep CreateCertificateAuthority x -> CreateCertificateAuthority
forall x.
CreateCertificateAuthority -> Rep CreateCertificateAuthority x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x.
Rep CreateCertificateAuthority x -> CreateCertificateAuthority
$cfrom :: forall x.
CreateCertificateAuthority -> Rep CreateCertificateAuthority x
Prelude.Generic)

-- |
-- Create a value of 'CreateCertificateAuthority' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'idempotencyToken', 'createCertificateAuthority_idempotencyToken' - Custom string that can be used to distinguish between calls to the
-- __CreateCertificateAuthority__ action. Idempotency tokens for
-- __CreateCertificateAuthority__ time out after five minutes. Therefore,
-- if you call __CreateCertificateAuthority__ multiple times with the same
-- idempotency token within five minutes, ACM Private CA recognizes that
-- you are requesting only certificate authority and will issue only one.
-- If you change the idempotency token for each call, PCA recognizes that
-- you are requesting multiple certificate authorities.
--
-- 'keyStorageSecurityStandard', 'createCertificateAuthority_keyStorageSecurityStandard' - Specifies a cryptographic key management compliance standard used for
-- handling CA keys.
--
-- Default: FIPS_140_2_LEVEL_3_OR_HIGHER
--
-- Note: @FIPS_140_2_LEVEL_3_OR_HIGHER@ is not supported in Region
-- ap-northeast-3. When creating a CA in the ap-northeast-3, you must
-- provide @FIPS_140_2_LEVEL_2_OR_HIGHER@ as the argument for
-- @KeyStorageSecurityStandard@. Failure to do this results in an
-- @InvalidArgsException@ with the message, \"A certificate authority
-- cannot be created in this region with the specified security standard.\"
--
-- 'revocationConfiguration', 'createCertificateAuthority_revocationConfiguration' - Contains information to enable Online Certificate Status Protocol (OCSP)
-- support, to enable a certificate revocation list (CRL), to enable both,
-- or to enable neither. The default is for both certificate validation
-- mechanisms to be disabled. For more information, see the
-- <https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_OcspConfiguration.html OcspConfiguration>
-- and
-- <https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CrlConfiguration.html CrlConfiguration>
-- types.
--
-- 'tags', 'createCertificateAuthority_tags' - Key-value pairs that will be attached to the new private CA. You can
-- associate up to 50 tags with a private CA. For information using tags
-- with IAM to manage permissions, see
-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/access_iam-tags.html Controlling Access Using IAM Tags>.
--
-- 'certificateAuthorityConfiguration', 'createCertificateAuthority_certificateAuthorityConfiguration' - Name and bit size of the private key algorithm, the name of the signing
-- algorithm, and X.500 certificate subject information.
--
-- 'certificateAuthorityType', 'createCertificateAuthority_certificateAuthorityType' - The type of the certificate authority.
newCreateCertificateAuthority ::
  -- | 'certificateAuthorityConfiguration'
  CertificateAuthorityConfiguration ->
  -- | 'certificateAuthorityType'
  CertificateAuthorityType ->
  CreateCertificateAuthority
newCreateCertificateAuthority :: CertificateAuthorityConfiguration
-> CertificateAuthorityType -> CreateCertificateAuthority
newCreateCertificateAuthority
  CertificateAuthorityConfiguration
pCertificateAuthorityConfiguration_
  CertificateAuthorityType
pCertificateAuthorityType_ =
    CreateCertificateAuthority' :: Maybe Text
-> Maybe KeyStorageSecurityStandard
-> Maybe RevocationConfiguration
-> Maybe (NonEmpty Tag)
-> CertificateAuthorityConfiguration
-> CertificateAuthorityType
-> CreateCertificateAuthority
CreateCertificateAuthority'
      { $sel:idempotencyToken:CreateCertificateAuthority' :: Maybe Text
idempotencyToken =
          Maybe Text
forall a. Maybe a
Prelude.Nothing,
        $sel:keyStorageSecurityStandard:CreateCertificateAuthority' :: Maybe KeyStorageSecurityStandard
keyStorageSecurityStandard = Maybe KeyStorageSecurityStandard
forall a. Maybe a
Prelude.Nothing,
        $sel:revocationConfiguration:CreateCertificateAuthority' :: Maybe RevocationConfiguration
revocationConfiguration = Maybe RevocationConfiguration
forall a. Maybe a
Prelude.Nothing,
        $sel:tags:CreateCertificateAuthority' :: Maybe (NonEmpty Tag)
tags = Maybe (NonEmpty Tag)
forall a. Maybe a
Prelude.Nothing,
        $sel:certificateAuthorityConfiguration:CreateCertificateAuthority' :: CertificateAuthorityConfiguration
certificateAuthorityConfiguration =
          CertificateAuthorityConfiguration
pCertificateAuthorityConfiguration_,
        $sel:certificateAuthorityType:CreateCertificateAuthority' :: CertificateAuthorityType
certificateAuthorityType =
          CertificateAuthorityType
pCertificateAuthorityType_
      }

-- | Custom string that can be used to distinguish between calls to the
-- __CreateCertificateAuthority__ action. Idempotency tokens for
-- __CreateCertificateAuthority__ time out after five minutes. Therefore,
-- if you call __CreateCertificateAuthority__ multiple times with the same
-- idempotency token within five minutes, ACM Private CA recognizes that
-- you are requesting only certificate authority and will issue only one.
-- If you change the idempotency token for each call, PCA recognizes that
-- you are requesting multiple certificate authorities.
createCertificateAuthority_idempotencyToken :: Lens.Lens' CreateCertificateAuthority (Prelude.Maybe Prelude.Text)
createCertificateAuthority_idempotencyToken :: (Maybe Text -> f (Maybe Text))
-> CreateCertificateAuthority -> f CreateCertificateAuthority
createCertificateAuthority_idempotencyToken = (CreateCertificateAuthority -> Maybe Text)
-> (CreateCertificateAuthority
    -> Maybe Text -> CreateCertificateAuthority)
-> Lens
     CreateCertificateAuthority
     CreateCertificateAuthority
     (Maybe Text)
     (Maybe Text)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\CreateCertificateAuthority' {Maybe Text
idempotencyToken :: Maybe Text
$sel:idempotencyToken:CreateCertificateAuthority' :: CreateCertificateAuthority -> Maybe Text
idempotencyToken} -> Maybe Text
idempotencyToken) (\s :: CreateCertificateAuthority
s@CreateCertificateAuthority' {} Maybe Text
a -> CreateCertificateAuthority
s {$sel:idempotencyToken:CreateCertificateAuthority' :: Maybe Text
idempotencyToken = Maybe Text
a} :: CreateCertificateAuthority)

-- | Specifies a cryptographic key management compliance standard used for
-- handling CA keys.
--
-- Default: FIPS_140_2_LEVEL_3_OR_HIGHER
--
-- Note: @FIPS_140_2_LEVEL_3_OR_HIGHER@ is not supported in Region
-- ap-northeast-3. When creating a CA in the ap-northeast-3, you must
-- provide @FIPS_140_2_LEVEL_2_OR_HIGHER@ as the argument for
-- @KeyStorageSecurityStandard@. Failure to do this results in an
-- @InvalidArgsException@ with the message, \"A certificate authority
-- cannot be created in this region with the specified security standard.\"
createCertificateAuthority_keyStorageSecurityStandard :: Lens.Lens' CreateCertificateAuthority (Prelude.Maybe KeyStorageSecurityStandard)
createCertificateAuthority_keyStorageSecurityStandard :: (Maybe KeyStorageSecurityStandard
 -> f (Maybe KeyStorageSecurityStandard))
-> CreateCertificateAuthority -> f CreateCertificateAuthority
createCertificateAuthority_keyStorageSecurityStandard = (CreateCertificateAuthority -> Maybe KeyStorageSecurityStandard)
-> (CreateCertificateAuthority
    -> Maybe KeyStorageSecurityStandard -> CreateCertificateAuthority)
-> Lens
     CreateCertificateAuthority
     CreateCertificateAuthority
     (Maybe KeyStorageSecurityStandard)
     (Maybe KeyStorageSecurityStandard)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\CreateCertificateAuthority' {Maybe KeyStorageSecurityStandard
keyStorageSecurityStandard :: Maybe KeyStorageSecurityStandard
$sel:keyStorageSecurityStandard:CreateCertificateAuthority' :: CreateCertificateAuthority -> Maybe KeyStorageSecurityStandard
keyStorageSecurityStandard} -> Maybe KeyStorageSecurityStandard
keyStorageSecurityStandard) (\s :: CreateCertificateAuthority
s@CreateCertificateAuthority' {} Maybe KeyStorageSecurityStandard
a -> CreateCertificateAuthority
s {$sel:keyStorageSecurityStandard:CreateCertificateAuthority' :: Maybe KeyStorageSecurityStandard
keyStorageSecurityStandard = Maybe KeyStorageSecurityStandard
a} :: CreateCertificateAuthority)

-- | Contains information to enable Online Certificate Status Protocol (OCSP)
-- support, to enable a certificate revocation list (CRL), to enable both,
-- or to enable neither. The default is for both certificate validation
-- mechanisms to be disabled. For more information, see the
-- <https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_OcspConfiguration.html OcspConfiguration>
-- and
-- <https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CrlConfiguration.html CrlConfiguration>
-- types.
createCertificateAuthority_revocationConfiguration :: Lens.Lens' CreateCertificateAuthority (Prelude.Maybe RevocationConfiguration)
createCertificateAuthority_revocationConfiguration :: (Maybe RevocationConfiguration
 -> f (Maybe RevocationConfiguration))
-> CreateCertificateAuthority -> f CreateCertificateAuthority
createCertificateAuthority_revocationConfiguration = (CreateCertificateAuthority -> Maybe RevocationConfiguration)
-> (CreateCertificateAuthority
    -> Maybe RevocationConfiguration -> CreateCertificateAuthority)
-> Lens
     CreateCertificateAuthority
     CreateCertificateAuthority
     (Maybe RevocationConfiguration)
     (Maybe RevocationConfiguration)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\CreateCertificateAuthority' {Maybe RevocationConfiguration
revocationConfiguration :: Maybe RevocationConfiguration
$sel:revocationConfiguration:CreateCertificateAuthority' :: CreateCertificateAuthority -> Maybe RevocationConfiguration
revocationConfiguration} -> Maybe RevocationConfiguration
revocationConfiguration) (\s :: CreateCertificateAuthority
s@CreateCertificateAuthority' {} Maybe RevocationConfiguration
a -> CreateCertificateAuthority
s {$sel:revocationConfiguration:CreateCertificateAuthority' :: Maybe RevocationConfiguration
revocationConfiguration = Maybe RevocationConfiguration
a} :: CreateCertificateAuthority)

-- | Key-value pairs that will be attached to the new private CA. You can
-- associate up to 50 tags with a private CA. For information using tags
-- with IAM to manage permissions, see
-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/access_iam-tags.html Controlling Access Using IAM Tags>.
createCertificateAuthority_tags :: Lens.Lens' CreateCertificateAuthority (Prelude.Maybe (Prelude.NonEmpty Tag))
createCertificateAuthority_tags :: (Maybe (NonEmpty Tag) -> f (Maybe (NonEmpty Tag)))
-> CreateCertificateAuthority -> f CreateCertificateAuthority
createCertificateAuthority_tags = (CreateCertificateAuthority -> Maybe (NonEmpty Tag))
-> (CreateCertificateAuthority
    -> Maybe (NonEmpty Tag) -> CreateCertificateAuthority)
-> Lens
     CreateCertificateAuthority
     CreateCertificateAuthority
     (Maybe (NonEmpty Tag))
     (Maybe (NonEmpty Tag))
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\CreateCertificateAuthority' {Maybe (NonEmpty Tag)
tags :: Maybe (NonEmpty Tag)
$sel:tags:CreateCertificateAuthority' :: CreateCertificateAuthority -> Maybe (NonEmpty Tag)
tags} -> Maybe (NonEmpty Tag)
tags) (\s :: CreateCertificateAuthority
s@CreateCertificateAuthority' {} Maybe (NonEmpty Tag)
a -> CreateCertificateAuthority
s {$sel:tags:CreateCertificateAuthority' :: Maybe (NonEmpty Tag)
tags = Maybe (NonEmpty Tag)
a} :: CreateCertificateAuthority) ((Maybe (NonEmpty Tag) -> f (Maybe (NonEmpty Tag)))
 -> CreateCertificateAuthority -> f CreateCertificateAuthority)
-> ((Maybe (NonEmpty Tag) -> f (Maybe (NonEmpty Tag)))
    -> Maybe (NonEmpty Tag) -> f (Maybe (NonEmpty Tag)))
-> (Maybe (NonEmpty Tag) -> f (Maybe (NonEmpty Tag)))
-> CreateCertificateAuthority
-> f CreateCertificateAuthority
forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. AnIso (NonEmpty Tag) (NonEmpty Tag) (NonEmpty Tag) (NonEmpty Tag)
-> Iso
     (Maybe (NonEmpty Tag))
     (Maybe (NonEmpty Tag))
     (Maybe (NonEmpty Tag))
     (Maybe (NonEmpty Tag))
forall (f :: * -> *) (g :: * -> *) s t a b.
(Functor f, Functor g) =>
AnIso s t a b -> Iso (f s) (g t) (f a) (g b)
Lens.mapping AnIso (NonEmpty Tag) (NonEmpty Tag) (NonEmpty Tag) (NonEmpty Tag)
forall s t a b. (Coercible s a, Coercible t b) => Iso s t a b
Lens.coerced

-- | Name and bit size of the private key algorithm, the name of the signing
-- algorithm, and X.500 certificate subject information.
createCertificateAuthority_certificateAuthorityConfiguration :: Lens.Lens' CreateCertificateAuthority CertificateAuthorityConfiguration
createCertificateAuthority_certificateAuthorityConfiguration :: (CertificateAuthorityConfiguration
 -> f CertificateAuthorityConfiguration)
-> CreateCertificateAuthority -> f CreateCertificateAuthority
createCertificateAuthority_certificateAuthorityConfiguration = (CreateCertificateAuthority -> CertificateAuthorityConfiguration)
-> (CreateCertificateAuthority
    -> CertificateAuthorityConfiguration -> CreateCertificateAuthority)
-> Lens
     CreateCertificateAuthority
     CreateCertificateAuthority
     CertificateAuthorityConfiguration
     CertificateAuthorityConfiguration
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\CreateCertificateAuthority' {CertificateAuthorityConfiguration
certificateAuthorityConfiguration :: CertificateAuthorityConfiguration
$sel:certificateAuthorityConfiguration:CreateCertificateAuthority' :: CreateCertificateAuthority -> CertificateAuthorityConfiguration
certificateAuthorityConfiguration} -> CertificateAuthorityConfiguration
certificateAuthorityConfiguration) (\s :: CreateCertificateAuthority
s@CreateCertificateAuthority' {} CertificateAuthorityConfiguration
a -> CreateCertificateAuthority
s {$sel:certificateAuthorityConfiguration:CreateCertificateAuthority' :: CertificateAuthorityConfiguration
certificateAuthorityConfiguration = CertificateAuthorityConfiguration
a} :: CreateCertificateAuthority)

-- | The type of the certificate authority.
createCertificateAuthority_certificateAuthorityType :: Lens.Lens' CreateCertificateAuthority CertificateAuthorityType
createCertificateAuthority_certificateAuthorityType :: (CertificateAuthorityType -> f CertificateAuthorityType)
-> CreateCertificateAuthority -> f CreateCertificateAuthority
createCertificateAuthority_certificateAuthorityType = (CreateCertificateAuthority -> CertificateAuthorityType)
-> (CreateCertificateAuthority
    -> CertificateAuthorityType -> CreateCertificateAuthority)
-> Lens
     CreateCertificateAuthority
     CreateCertificateAuthority
     CertificateAuthorityType
     CertificateAuthorityType
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\CreateCertificateAuthority' {CertificateAuthorityType
certificateAuthorityType :: CertificateAuthorityType
$sel:certificateAuthorityType:CreateCertificateAuthority' :: CreateCertificateAuthority -> CertificateAuthorityType
certificateAuthorityType} -> CertificateAuthorityType
certificateAuthorityType) (\s :: CreateCertificateAuthority
s@CreateCertificateAuthority' {} CertificateAuthorityType
a -> CreateCertificateAuthority
s {$sel:certificateAuthorityType:CreateCertificateAuthority' :: CertificateAuthorityType
certificateAuthorityType = CertificateAuthorityType
a} :: CreateCertificateAuthority)

instance Core.AWSRequest CreateCertificateAuthority where
  type
    AWSResponse CreateCertificateAuthority =
      CreateCertificateAuthorityResponse
  request :: CreateCertificateAuthority -> Request CreateCertificateAuthority
request = Service
-> CreateCertificateAuthority -> Request CreateCertificateAuthority
forall a. (ToRequest a, ToJSON a) => Service -> a -> Request a
Request.postJSON Service
defaultService
  response :: Logger
-> Service
-> Proxy CreateCertificateAuthority
-> ClientResponse ClientBody
-> m (Either
        Error (ClientResponse (AWSResponse CreateCertificateAuthority)))
response =
    (Int
 -> ResponseHeaders
 -> Object
 -> Either String (AWSResponse CreateCertificateAuthority))
-> Logger
-> Service
-> Proxy CreateCertificateAuthority
-> ClientResponse ClientBody
-> m (Either
        Error (ClientResponse (AWSResponse CreateCertificateAuthority)))
forall (m :: * -> *) a.
MonadResource m =>
(Int -> ResponseHeaders -> Object -> Either String (AWSResponse a))
-> Logger
-> Service
-> Proxy a
-> ClientResponse ClientBody
-> m (Either Error (ClientResponse (AWSResponse a)))
Response.receiveJSON
      ( \Int
s ResponseHeaders
h Object
x ->
          Maybe Text -> Int -> CreateCertificateAuthorityResponse
CreateCertificateAuthorityResponse'
            (Maybe Text -> Int -> CreateCertificateAuthorityResponse)
-> Either String (Maybe Text)
-> Either String (Int -> CreateCertificateAuthorityResponse)
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> (Object
x Object -> Text -> Either String (Maybe Text)
forall a. FromJSON a => Object -> Text -> Either String (Maybe a)
Core..?> Text
"CertificateAuthorityArn")
            Either String (Int -> CreateCertificateAuthorityResponse)
-> Either String Int
-> Either String CreateCertificateAuthorityResponse
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Int -> Either String Int
forall (f :: * -> *) a. Applicative f => a -> f a
Prelude.pure (Int -> Int
forall a. Enum a => a -> Int
Prelude.fromEnum Int
s))
      )

instance Prelude.Hashable CreateCertificateAuthority

instance Prelude.NFData CreateCertificateAuthority

instance Core.ToHeaders CreateCertificateAuthority where
  toHeaders :: CreateCertificateAuthority -> ResponseHeaders
toHeaders =
    ResponseHeaders -> CreateCertificateAuthority -> ResponseHeaders
forall a b. a -> b -> a
Prelude.const
      ( [ResponseHeaders] -> ResponseHeaders
forall a. Monoid a => [a] -> a
Prelude.mconcat
          [ HeaderName
"X-Amz-Target"
              HeaderName -> ByteString -> ResponseHeaders
forall a. ToHeader a => HeaderName -> a -> ResponseHeaders
Core.=# ( ByteString
"ACMPrivateCA.CreateCertificateAuthority" ::
                          Prelude.ByteString
                      ),
            HeaderName
"Content-Type"
              HeaderName -> ByteString -> ResponseHeaders
forall a. ToHeader a => HeaderName -> a -> ResponseHeaders
Core.=# ( ByteString
"application/x-amz-json-1.1" ::
                          Prelude.ByteString
                      )
          ]
      )

instance Core.ToJSON CreateCertificateAuthority where
  toJSON :: CreateCertificateAuthority -> Value
toJSON CreateCertificateAuthority' {Maybe (NonEmpty Tag)
Maybe Text
Maybe KeyStorageSecurityStandard
Maybe RevocationConfiguration
CertificateAuthorityType
CertificateAuthorityConfiguration
certificateAuthorityType :: CertificateAuthorityType
certificateAuthorityConfiguration :: CertificateAuthorityConfiguration
tags :: Maybe (NonEmpty Tag)
revocationConfiguration :: Maybe RevocationConfiguration
keyStorageSecurityStandard :: Maybe KeyStorageSecurityStandard
idempotencyToken :: Maybe Text
$sel:certificateAuthorityType:CreateCertificateAuthority' :: CreateCertificateAuthority -> CertificateAuthorityType
$sel:certificateAuthorityConfiguration:CreateCertificateAuthority' :: CreateCertificateAuthority -> CertificateAuthorityConfiguration
$sel:tags:CreateCertificateAuthority' :: CreateCertificateAuthority -> Maybe (NonEmpty Tag)
$sel:revocationConfiguration:CreateCertificateAuthority' :: CreateCertificateAuthority -> Maybe RevocationConfiguration
$sel:keyStorageSecurityStandard:CreateCertificateAuthority' :: CreateCertificateAuthority -> Maybe KeyStorageSecurityStandard
$sel:idempotencyToken:CreateCertificateAuthority' :: CreateCertificateAuthority -> Maybe Text
..} =
    [Pair] -> Value
Core.object
      ( [Maybe Pair] -> [Pair]
forall a. [Maybe a] -> [a]
Prelude.catMaybes
          [ (Text
"IdempotencyToken" Text -> Text -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..=)
              (Text -> Pair) -> Maybe Text -> Maybe Pair
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe Text
idempotencyToken,
            (Text
"KeyStorageSecurityStandard" Text -> KeyStorageSecurityStandard -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..=)
              (KeyStorageSecurityStandard -> Pair)
-> Maybe KeyStorageSecurityStandard -> Maybe Pair
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe KeyStorageSecurityStandard
keyStorageSecurityStandard,
            (Text
"RevocationConfiguration" Text -> RevocationConfiguration -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..=)
              (RevocationConfiguration -> Pair)
-> Maybe RevocationConfiguration -> Maybe Pair
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe RevocationConfiguration
revocationConfiguration,
            (Text
"Tags" Text -> NonEmpty Tag -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..=) (NonEmpty Tag -> Pair) -> Maybe (NonEmpty Tag) -> Maybe Pair
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe (NonEmpty Tag)
tags,
            Pair -> Maybe Pair
forall a. a -> Maybe a
Prelude.Just
              ( Text
"CertificateAuthorityConfiguration"
                  Text -> CertificateAuthorityConfiguration -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..= CertificateAuthorityConfiguration
certificateAuthorityConfiguration
              ),
            Pair -> Maybe Pair
forall a. a -> Maybe a
Prelude.Just
              ( Text
"CertificateAuthorityType"
                  Text -> CertificateAuthorityType -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..= CertificateAuthorityType
certificateAuthorityType
              )
          ]
      )

instance Core.ToPath CreateCertificateAuthority where
  toPath :: CreateCertificateAuthority -> ByteString
toPath = ByteString -> CreateCertificateAuthority -> ByteString
forall a b. a -> b -> a
Prelude.const ByteString
"/"

instance Core.ToQuery CreateCertificateAuthority where
  toQuery :: CreateCertificateAuthority -> QueryString
toQuery = QueryString -> CreateCertificateAuthority -> QueryString
forall a b. a -> b -> a
Prelude.const QueryString
forall a. Monoid a => a
Prelude.mempty

-- | /See:/ 'newCreateCertificateAuthorityResponse' smart constructor.
data CreateCertificateAuthorityResponse = CreateCertificateAuthorityResponse'
  { -- | If successful, the Amazon Resource Name (ARN) of the certificate
    -- authority (CA). This is of the form:
    --
    -- @arn:aws:acm-pca:region:account:certificate-authority\/12345678-1234-1234-1234-123456789012 @.
    CreateCertificateAuthorityResponse -> Maybe Text
certificateAuthorityArn :: Prelude.Maybe Prelude.Text,
    -- | The response's http status code.
    CreateCertificateAuthorityResponse -> Int
httpStatus :: Prelude.Int
  }
  deriving (CreateCertificateAuthorityResponse
-> CreateCertificateAuthorityResponse -> Bool
(CreateCertificateAuthorityResponse
 -> CreateCertificateAuthorityResponse -> Bool)
-> (CreateCertificateAuthorityResponse
    -> CreateCertificateAuthorityResponse -> Bool)
-> Eq CreateCertificateAuthorityResponse
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: CreateCertificateAuthorityResponse
-> CreateCertificateAuthorityResponse -> Bool
$c/= :: CreateCertificateAuthorityResponse
-> CreateCertificateAuthorityResponse -> Bool
== :: CreateCertificateAuthorityResponse
-> CreateCertificateAuthorityResponse -> Bool
$c== :: CreateCertificateAuthorityResponse
-> CreateCertificateAuthorityResponse -> Bool
Prelude.Eq, ReadPrec [CreateCertificateAuthorityResponse]
ReadPrec CreateCertificateAuthorityResponse
Int -> ReadS CreateCertificateAuthorityResponse
ReadS [CreateCertificateAuthorityResponse]
(Int -> ReadS CreateCertificateAuthorityResponse)
-> ReadS [CreateCertificateAuthorityResponse]
-> ReadPrec CreateCertificateAuthorityResponse
-> ReadPrec [CreateCertificateAuthorityResponse]
-> Read CreateCertificateAuthorityResponse
forall a.
(Int -> ReadS a)
-> ReadS [a] -> ReadPrec a -> ReadPrec [a] -> Read a
readListPrec :: ReadPrec [CreateCertificateAuthorityResponse]
$creadListPrec :: ReadPrec [CreateCertificateAuthorityResponse]
readPrec :: ReadPrec CreateCertificateAuthorityResponse
$creadPrec :: ReadPrec CreateCertificateAuthorityResponse
readList :: ReadS [CreateCertificateAuthorityResponse]
$creadList :: ReadS [CreateCertificateAuthorityResponse]
readsPrec :: Int -> ReadS CreateCertificateAuthorityResponse
$creadsPrec :: Int -> ReadS CreateCertificateAuthorityResponse
Prelude.Read, Int -> CreateCertificateAuthorityResponse -> ShowS
[CreateCertificateAuthorityResponse] -> ShowS
CreateCertificateAuthorityResponse -> String
(Int -> CreateCertificateAuthorityResponse -> ShowS)
-> (CreateCertificateAuthorityResponse -> String)
-> ([CreateCertificateAuthorityResponse] -> ShowS)
-> Show CreateCertificateAuthorityResponse
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [CreateCertificateAuthorityResponse] -> ShowS
$cshowList :: [CreateCertificateAuthorityResponse] -> ShowS
show :: CreateCertificateAuthorityResponse -> String
$cshow :: CreateCertificateAuthorityResponse -> String
showsPrec :: Int -> CreateCertificateAuthorityResponse -> ShowS
$cshowsPrec :: Int -> CreateCertificateAuthorityResponse -> ShowS
Prelude.Show, (forall x.
 CreateCertificateAuthorityResponse
 -> Rep CreateCertificateAuthorityResponse x)
-> (forall x.
    Rep CreateCertificateAuthorityResponse x
    -> CreateCertificateAuthorityResponse)
-> Generic CreateCertificateAuthorityResponse
forall x.
Rep CreateCertificateAuthorityResponse x
-> CreateCertificateAuthorityResponse
forall x.
CreateCertificateAuthorityResponse
-> Rep CreateCertificateAuthorityResponse x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x.
Rep CreateCertificateAuthorityResponse x
-> CreateCertificateAuthorityResponse
$cfrom :: forall x.
CreateCertificateAuthorityResponse
-> Rep CreateCertificateAuthorityResponse x
Prelude.Generic)

-- |
-- Create a value of 'CreateCertificateAuthorityResponse' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'certificateAuthorityArn', 'createCertificateAuthorityResponse_certificateAuthorityArn' - If successful, the Amazon Resource Name (ARN) of the certificate
-- authority (CA). This is of the form:
--
-- @arn:aws:acm-pca:region:account:certificate-authority\/12345678-1234-1234-1234-123456789012 @.
--
-- 'httpStatus', 'createCertificateAuthorityResponse_httpStatus' - The response's http status code.
newCreateCertificateAuthorityResponse ::
  -- | 'httpStatus'
  Prelude.Int ->
  CreateCertificateAuthorityResponse
newCreateCertificateAuthorityResponse :: Int -> CreateCertificateAuthorityResponse
newCreateCertificateAuthorityResponse Int
pHttpStatus_ =
  CreateCertificateAuthorityResponse' :: Maybe Text -> Int -> CreateCertificateAuthorityResponse
CreateCertificateAuthorityResponse'
    { $sel:certificateAuthorityArn:CreateCertificateAuthorityResponse' :: Maybe Text
certificateAuthorityArn =
        Maybe Text
forall a. Maybe a
Prelude.Nothing,
      $sel:httpStatus:CreateCertificateAuthorityResponse' :: Int
httpStatus = Int
pHttpStatus_
    }

-- | If successful, the Amazon Resource Name (ARN) of the certificate
-- authority (CA). This is of the form:
--
-- @arn:aws:acm-pca:region:account:certificate-authority\/12345678-1234-1234-1234-123456789012 @.
createCertificateAuthorityResponse_certificateAuthorityArn :: Lens.Lens' CreateCertificateAuthorityResponse (Prelude.Maybe Prelude.Text)
createCertificateAuthorityResponse_certificateAuthorityArn :: (Maybe Text -> f (Maybe Text))
-> CreateCertificateAuthorityResponse
-> f CreateCertificateAuthorityResponse
createCertificateAuthorityResponse_certificateAuthorityArn = (CreateCertificateAuthorityResponse -> Maybe Text)
-> (CreateCertificateAuthorityResponse
    -> Maybe Text -> CreateCertificateAuthorityResponse)
-> Lens
     CreateCertificateAuthorityResponse
     CreateCertificateAuthorityResponse
     (Maybe Text)
     (Maybe Text)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\CreateCertificateAuthorityResponse' {Maybe Text
certificateAuthorityArn :: Maybe Text
$sel:certificateAuthorityArn:CreateCertificateAuthorityResponse' :: CreateCertificateAuthorityResponse -> Maybe Text
certificateAuthorityArn} -> Maybe Text
certificateAuthorityArn) (\s :: CreateCertificateAuthorityResponse
s@CreateCertificateAuthorityResponse' {} Maybe Text
a -> CreateCertificateAuthorityResponse
s {$sel:certificateAuthorityArn:CreateCertificateAuthorityResponse' :: Maybe Text
certificateAuthorityArn = Maybe Text
a} :: CreateCertificateAuthorityResponse)

-- | The response's http status code.
createCertificateAuthorityResponse_httpStatus :: Lens.Lens' CreateCertificateAuthorityResponse Prelude.Int
createCertificateAuthorityResponse_httpStatus :: (Int -> f Int)
-> CreateCertificateAuthorityResponse
-> f CreateCertificateAuthorityResponse
createCertificateAuthorityResponse_httpStatus = (CreateCertificateAuthorityResponse -> Int)
-> (CreateCertificateAuthorityResponse
    -> Int -> CreateCertificateAuthorityResponse)
-> Lens
     CreateCertificateAuthorityResponse
     CreateCertificateAuthorityResponse
     Int
     Int
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\CreateCertificateAuthorityResponse' {Int
httpStatus :: Int
$sel:httpStatus:CreateCertificateAuthorityResponse' :: CreateCertificateAuthorityResponse -> Int
httpStatus} -> Int
httpStatus) (\s :: CreateCertificateAuthorityResponse
s@CreateCertificateAuthorityResponse' {} Int
a -> CreateCertificateAuthorityResponse
s {$sel:httpStatus:CreateCertificateAuthorityResponse' :: Int
httpStatus = Int
a} :: CreateCertificateAuthorityResponse)

instance
  Prelude.NFData
    CreateCertificateAuthorityResponse