{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE TypeFamilies #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-binds #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.CertificateManagerPCA.GetPolicy
-- Copyright   : (c) 2013-2021 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
--
-- Retrieves the resource-based policy attached to a private CA. If either
-- the private CA resource or the policy cannot be found, this action
-- returns a @ResourceNotFoundException@.
--
-- The policy can be attached or updated with
-- <https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_PutPolicy.html PutPolicy>
-- and removed with
-- <https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DeletePolicy.html DeletePolicy>.
--
-- __About Policies__
--
-- -   A policy grants access on a private CA to an AWS customer account,
--     to AWS Organizations, or to an AWS Organizations unit. Policies are
--     under the control of a CA administrator. For more information, see
--     <https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-rbp.html Using a Resource Based Policy with ACM Private CA>.
--
-- -   A policy permits a user of AWS Certificate Manager (ACM) to issue
--     ACM certificates signed by a CA in another account.
--
-- -   For ACM to manage automatic renewal of these certificates, the ACM
--     user must configure a Service Linked Role (SLR). The SLR allows the
--     ACM service to assume the identity of the user, subject to
--     confirmation against the ACM Private CA policy. For more
--     information, see
--     <https://docs.aws.amazon.com/acm/latest/userguide/acm-slr.html Using a Service Linked Role with ACM>.
--
-- -   Updates made in AWS Resource Manager (RAM) are reflected in
--     policies. For more information, see
--     <https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-ram.html Attach a Policy for Cross-Account Access>.
module Amazonka.CertificateManagerPCA.GetPolicy
  ( -- * Creating a Request
    GetPolicy (..),
    newGetPolicy,

    -- * Request Lenses
    getPolicy_resourceArn,

    -- * Destructuring the Response
    GetPolicyResponse (..),
    newGetPolicyResponse,

    -- * Response Lenses
    getPolicyResponse_policy,
    getPolicyResponse_httpStatus,
  )
where

import Amazonka.CertificateManagerPCA.Types
import qualified Amazonka.Core as Core
import qualified Amazonka.Lens as Lens
import qualified Amazonka.Prelude as Prelude
import qualified Amazonka.Request as Request
import qualified Amazonka.Response as Response

-- | /See:/ 'newGetPolicy' smart constructor.
data GetPolicy = GetPolicy'
  { -- | The Amazon Resource Number (ARN) of the private CA that will have its
    -- policy retrieved. You can find the CA\'s ARN by calling the
    -- ListCertificateAuthorities action.
    GetPolicy -> Text
resourceArn :: Prelude.Text
  }
  deriving (GetPolicy -> GetPolicy -> Bool
(GetPolicy -> GetPolicy -> Bool)
-> (GetPolicy -> GetPolicy -> Bool) -> Eq GetPolicy
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: GetPolicy -> GetPolicy -> Bool
$c/= :: GetPolicy -> GetPolicy -> Bool
== :: GetPolicy -> GetPolicy -> Bool
$c== :: GetPolicy -> GetPolicy -> Bool
Prelude.Eq, ReadPrec [GetPolicy]
ReadPrec GetPolicy
Int -> ReadS GetPolicy
ReadS [GetPolicy]
(Int -> ReadS GetPolicy)
-> ReadS [GetPolicy]
-> ReadPrec GetPolicy
-> ReadPrec [GetPolicy]
-> Read GetPolicy
forall a.
(Int -> ReadS a)
-> ReadS [a] -> ReadPrec a -> ReadPrec [a] -> Read a
readListPrec :: ReadPrec [GetPolicy]
$creadListPrec :: ReadPrec [GetPolicy]
readPrec :: ReadPrec GetPolicy
$creadPrec :: ReadPrec GetPolicy
readList :: ReadS [GetPolicy]
$creadList :: ReadS [GetPolicy]
readsPrec :: Int -> ReadS GetPolicy
$creadsPrec :: Int -> ReadS GetPolicy
Prelude.Read, Int -> GetPolicy -> ShowS
[GetPolicy] -> ShowS
GetPolicy -> String
(Int -> GetPolicy -> ShowS)
-> (GetPolicy -> String)
-> ([GetPolicy] -> ShowS)
-> Show GetPolicy
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [GetPolicy] -> ShowS
$cshowList :: [GetPolicy] -> ShowS
show :: GetPolicy -> String
$cshow :: GetPolicy -> String
showsPrec :: Int -> GetPolicy -> ShowS
$cshowsPrec :: Int -> GetPolicy -> ShowS
Prelude.Show, (forall x. GetPolicy -> Rep GetPolicy x)
-> (forall x. Rep GetPolicy x -> GetPolicy) -> Generic GetPolicy
forall x. Rep GetPolicy x -> GetPolicy
forall x. GetPolicy -> Rep GetPolicy x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x. Rep GetPolicy x -> GetPolicy
$cfrom :: forall x. GetPolicy -> Rep GetPolicy x
Prelude.Generic)

-- |
-- Create a value of 'GetPolicy' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'resourceArn', 'getPolicy_resourceArn' - The Amazon Resource Number (ARN) of the private CA that will have its
-- policy retrieved. You can find the CA\'s ARN by calling the
-- ListCertificateAuthorities action.
newGetPolicy ::
  -- | 'resourceArn'
  Prelude.Text ->
  GetPolicy
newGetPolicy :: Text -> GetPolicy
newGetPolicy Text
pResourceArn_ =
  GetPolicy' :: Text -> GetPolicy
GetPolicy' {$sel:resourceArn:GetPolicy' :: Text
resourceArn = Text
pResourceArn_}

-- | The Amazon Resource Number (ARN) of the private CA that will have its
-- policy retrieved. You can find the CA\'s ARN by calling the
-- ListCertificateAuthorities action.
getPolicy_resourceArn :: Lens.Lens' GetPolicy Prelude.Text
getPolicy_resourceArn :: (Text -> f Text) -> GetPolicy -> f GetPolicy
getPolicy_resourceArn = (GetPolicy -> Text)
-> (GetPolicy -> Text -> GetPolicy)
-> Lens GetPolicy GetPolicy Text Text
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\GetPolicy' {Text
resourceArn :: Text
$sel:resourceArn:GetPolicy' :: GetPolicy -> Text
resourceArn} -> Text
resourceArn) (\s :: GetPolicy
s@GetPolicy' {} Text
a -> GetPolicy
s {$sel:resourceArn:GetPolicy' :: Text
resourceArn = Text
a} :: GetPolicy)

instance Core.AWSRequest GetPolicy where
  type AWSResponse GetPolicy = GetPolicyResponse
  request :: GetPolicy -> Request GetPolicy
request = Service -> GetPolicy -> Request GetPolicy
forall a. (ToRequest a, ToJSON a) => Service -> a -> Request a
Request.postJSON Service
defaultService
  response :: Logger
-> Service
-> Proxy GetPolicy
-> ClientResponse ClientBody
-> m (Either Error (ClientResponse (AWSResponse GetPolicy)))
response =
    (Int
 -> ResponseHeaders
 -> Object
 -> Either String (AWSResponse GetPolicy))
-> Logger
-> Service
-> Proxy GetPolicy
-> ClientResponse ClientBody
-> m (Either Error (ClientResponse (AWSResponse GetPolicy)))
forall (m :: * -> *) a.
MonadResource m =>
(Int -> ResponseHeaders -> Object -> Either String (AWSResponse a))
-> Logger
-> Service
-> Proxy a
-> ClientResponse ClientBody
-> m (Either Error (ClientResponse (AWSResponse a)))
Response.receiveJSON
      ( \Int
s ResponseHeaders
h Object
x ->
          Maybe Text -> Int -> GetPolicyResponse
GetPolicyResponse'
            (Maybe Text -> Int -> GetPolicyResponse)
-> Either String (Maybe Text)
-> Either String (Int -> GetPolicyResponse)
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> (Object
x Object -> Text -> Either String (Maybe Text)
forall a. FromJSON a => Object -> Text -> Either String (Maybe a)
Core..?> Text
"Policy")
            Either String (Int -> GetPolicyResponse)
-> Either String Int -> Either String GetPolicyResponse
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Int -> Either String Int
forall (f :: * -> *) a. Applicative f => a -> f a
Prelude.pure (Int -> Int
forall a. Enum a => a -> Int
Prelude.fromEnum Int
s))
      )

instance Prelude.Hashable GetPolicy

instance Prelude.NFData GetPolicy

instance Core.ToHeaders GetPolicy where
  toHeaders :: GetPolicy -> ResponseHeaders
toHeaders =
    ResponseHeaders -> GetPolicy -> ResponseHeaders
forall a b. a -> b -> a
Prelude.const
      ( [ResponseHeaders] -> ResponseHeaders
forall a. Monoid a => [a] -> a
Prelude.mconcat
          [ HeaderName
"X-Amz-Target"
              HeaderName -> ByteString -> ResponseHeaders
forall a. ToHeader a => HeaderName -> a -> ResponseHeaders
Core.=# (ByteString
"ACMPrivateCA.GetPolicy" :: Prelude.ByteString),
            HeaderName
"Content-Type"
              HeaderName -> ByteString -> ResponseHeaders
forall a. ToHeader a => HeaderName -> a -> ResponseHeaders
Core.=# ( ByteString
"application/x-amz-json-1.1" ::
                          Prelude.ByteString
                      )
          ]
      )

instance Core.ToJSON GetPolicy where
  toJSON :: GetPolicy -> Value
toJSON GetPolicy' {Text
resourceArn :: Text
$sel:resourceArn:GetPolicy' :: GetPolicy -> Text
..} =
    [Pair] -> Value
Core.object
      ( [Maybe Pair] -> [Pair]
forall a. [Maybe a] -> [a]
Prelude.catMaybes
          [Pair -> Maybe Pair
forall a. a -> Maybe a
Prelude.Just (Text
"ResourceArn" Text -> Text -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..= Text
resourceArn)]
      )

instance Core.ToPath GetPolicy where
  toPath :: GetPolicy -> ByteString
toPath = ByteString -> GetPolicy -> ByteString
forall a b. a -> b -> a
Prelude.const ByteString
"/"

instance Core.ToQuery GetPolicy where
  toQuery :: GetPolicy -> QueryString
toQuery = QueryString -> GetPolicy -> QueryString
forall a b. a -> b -> a
Prelude.const QueryString
forall a. Monoid a => a
Prelude.mempty

-- | /See:/ 'newGetPolicyResponse' smart constructor.
data GetPolicyResponse = GetPolicyResponse'
  { -- | The policy attached to the private CA as a JSON document.
    GetPolicyResponse -> Maybe Text
policy :: Prelude.Maybe Prelude.Text,
    -- | The response's http status code.
    GetPolicyResponse -> Int
httpStatus :: Prelude.Int
  }
  deriving (GetPolicyResponse -> GetPolicyResponse -> Bool
(GetPolicyResponse -> GetPolicyResponse -> Bool)
-> (GetPolicyResponse -> GetPolicyResponse -> Bool)
-> Eq GetPolicyResponse
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: GetPolicyResponse -> GetPolicyResponse -> Bool
$c/= :: GetPolicyResponse -> GetPolicyResponse -> Bool
== :: GetPolicyResponse -> GetPolicyResponse -> Bool
$c== :: GetPolicyResponse -> GetPolicyResponse -> Bool
Prelude.Eq, ReadPrec [GetPolicyResponse]
ReadPrec GetPolicyResponse
Int -> ReadS GetPolicyResponse
ReadS [GetPolicyResponse]
(Int -> ReadS GetPolicyResponse)
-> ReadS [GetPolicyResponse]
-> ReadPrec GetPolicyResponse
-> ReadPrec [GetPolicyResponse]
-> Read GetPolicyResponse
forall a.
(Int -> ReadS a)
-> ReadS [a] -> ReadPrec a -> ReadPrec [a] -> Read a
readListPrec :: ReadPrec [GetPolicyResponse]
$creadListPrec :: ReadPrec [GetPolicyResponse]
readPrec :: ReadPrec GetPolicyResponse
$creadPrec :: ReadPrec GetPolicyResponse
readList :: ReadS [GetPolicyResponse]
$creadList :: ReadS [GetPolicyResponse]
readsPrec :: Int -> ReadS GetPolicyResponse
$creadsPrec :: Int -> ReadS GetPolicyResponse
Prelude.Read, Int -> GetPolicyResponse -> ShowS
[GetPolicyResponse] -> ShowS
GetPolicyResponse -> String
(Int -> GetPolicyResponse -> ShowS)
-> (GetPolicyResponse -> String)
-> ([GetPolicyResponse] -> ShowS)
-> Show GetPolicyResponse
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [GetPolicyResponse] -> ShowS
$cshowList :: [GetPolicyResponse] -> ShowS
show :: GetPolicyResponse -> String
$cshow :: GetPolicyResponse -> String
showsPrec :: Int -> GetPolicyResponse -> ShowS
$cshowsPrec :: Int -> GetPolicyResponse -> ShowS
Prelude.Show, (forall x. GetPolicyResponse -> Rep GetPolicyResponse x)
-> (forall x. Rep GetPolicyResponse x -> GetPolicyResponse)
-> Generic GetPolicyResponse
forall x. Rep GetPolicyResponse x -> GetPolicyResponse
forall x. GetPolicyResponse -> Rep GetPolicyResponse x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x. Rep GetPolicyResponse x -> GetPolicyResponse
$cfrom :: forall x. GetPolicyResponse -> Rep GetPolicyResponse x
Prelude.Generic)

-- |
-- Create a value of 'GetPolicyResponse' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'policy', 'getPolicyResponse_policy' - The policy attached to the private CA as a JSON document.
--
-- 'httpStatus', 'getPolicyResponse_httpStatus' - The response's http status code.
newGetPolicyResponse ::
  -- | 'httpStatus'
  Prelude.Int ->
  GetPolicyResponse
newGetPolicyResponse :: Int -> GetPolicyResponse
newGetPolicyResponse Int
pHttpStatus_ =
  GetPolicyResponse' :: Maybe Text -> Int -> GetPolicyResponse
GetPolicyResponse'
    { $sel:policy:GetPolicyResponse' :: Maybe Text
policy = Maybe Text
forall a. Maybe a
Prelude.Nothing,
      $sel:httpStatus:GetPolicyResponse' :: Int
httpStatus = Int
pHttpStatus_
    }

-- | The policy attached to the private CA as a JSON document.
getPolicyResponse_policy :: Lens.Lens' GetPolicyResponse (Prelude.Maybe Prelude.Text)
getPolicyResponse_policy :: (Maybe Text -> f (Maybe Text))
-> GetPolicyResponse -> f GetPolicyResponse
getPolicyResponse_policy = (GetPolicyResponse -> Maybe Text)
-> (GetPolicyResponse -> Maybe Text -> GetPolicyResponse)
-> Lens
     GetPolicyResponse GetPolicyResponse (Maybe Text) (Maybe Text)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\GetPolicyResponse' {Maybe Text
policy :: Maybe Text
$sel:policy:GetPolicyResponse' :: GetPolicyResponse -> Maybe Text
policy} -> Maybe Text
policy) (\s :: GetPolicyResponse
s@GetPolicyResponse' {} Maybe Text
a -> GetPolicyResponse
s {$sel:policy:GetPolicyResponse' :: Maybe Text
policy = Maybe Text
a} :: GetPolicyResponse)

-- | The response's http status code.
getPolicyResponse_httpStatus :: Lens.Lens' GetPolicyResponse Prelude.Int
getPolicyResponse_httpStatus :: (Int -> f Int) -> GetPolicyResponse -> f GetPolicyResponse
getPolicyResponse_httpStatus = (GetPolicyResponse -> Int)
-> (GetPolicyResponse -> Int -> GetPolicyResponse)
-> Lens GetPolicyResponse GetPolicyResponse Int Int
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\GetPolicyResponse' {Int
httpStatus :: Int
$sel:httpStatus:GetPolicyResponse' :: GetPolicyResponse -> Int
httpStatus} -> Int
httpStatus) (\s :: GetPolicyResponse
s@GetPolicyResponse' {} Int
a -> GetPolicyResponse
s {$sel:httpStatus:GetPolicyResponse' :: Int
httpStatus = Int
a} :: GetPolicyResponse)

instance Prelude.NFData GetPolicyResponse