{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE TypeFamilies #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-binds #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.CertificateManagerPCA.PutPolicy
-- Copyright   : (c) 2013-2021 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
--
-- Attaches a resource-based policy to a private CA.
--
-- A policy can also be applied by sharing a private CA through AWS
-- Resource Access Manager (RAM). For more information, see
-- <https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-ram.html Attach a Policy for Cross-Account Access>.
--
-- The policy can be displayed with
-- <https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_GetPolicy.html GetPolicy>
-- and removed with
-- <https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DeletePolicy.html DeletePolicy>.
--
-- __About Policies__
--
-- -   A policy grants access on a private CA to an AWS customer account,
--     to AWS Organizations, or to an AWS Organizations unit. Policies are
--     under the control of a CA administrator. For more information, see
--     <https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-rbp.html Using a Resource Based Policy with ACM Private CA>.
--
-- -   A policy permits a user of AWS Certificate Manager (ACM) to issue
--     ACM certificates signed by a CA in another account.
--
-- -   For ACM to manage automatic renewal of these certificates, the ACM
--     user must configure a Service Linked Role (SLR). The SLR allows the
--     ACM service to assume the identity of the user, subject to
--     confirmation against the ACM Private CA policy. For more
--     information, see
--     <https://docs.aws.amazon.com/acm/latest/userguide/acm-slr.html Using a Service Linked Role with ACM>.
--
-- -   Updates made in AWS Resource Access Manager (RAM) are reflected in
--     policies. For more information, see
--     <https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-ram.html Attach a Policy for Cross-Account Access>.
module Amazonka.CertificateManagerPCA.PutPolicy
  ( -- * Creating a Request
    PutPolicy (..),
    newPutPolicy,

    -- * Request Lenses
    putPolicy_resourceArn,
    putPolicy_policy,

    -- * Destructuring the Response
    PutPolicyResponse (..),
    newPutPolicyResponse,
  )
where

import Amazonka.CertificateManagerPCA.Types
import qualified Amazonka.Core as Core
import qualified Amazonka.Lens as Lens
import qualified Amazonka.Prelude as Prelude
import qualified Amazonka.Request as Request
import qualified Amazonka.Response as Response

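-- | Request payload for the @PutPolicy@ action, which attaches a
-- resource-based policy to a private CA.
--
-- /See:/ 'newPutPolicy' smart constructor.
data PutPolicy = PutPolicy'
  { -- | The Amazon Resource Name (ARN) of the private CA to associate with
    -- the policy. The ARN of the CA can be found by calling the
    -- <https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html ListCertificateAuthorities>
    -- action.
    resourceArn :: Prelude.Text,
    -- | The JSON-formatted IAM policy to attach to the specified private CA
    -- resource, described upstream as \"the path and file name\" of that
    -- policy. If the policy does not contain all required statements, or
    -- includes any statement that is not allowed, the @PutPolicy@ action
    -- returns an @InvalidPolicyException@. For information about IAM policy
    -- and statement structure, see
    -- <https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policies-json Overview of JSON Policies>.
    --
    -- NOTE(review): the 'Core.ToJSON' instance in this module places this
    -- text verbatim in the @Policy@ member of the request body and nothing
    -- here reads a file, so the value sent is exactly what the caller
    -- supplies. Presumably that must be the policy document itself rather
    -- than a path -- confirm against the API reference.
    --
    -- The module header states that a policy grants access on the private
    -- CA to other accounts or organizations, so the principals and actions
    -- in the document deserve a least-privilege review before it is
    -- attached.
    policy :: Prelude.Text
  }
  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)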

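-- |
-- Create a value of 'PutPolicy'.
--
-- Both record fields are required, so both are taken as arguments; the
-- record has no optional fields to leave unset.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify the fields afterwards.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'resourceArn', 'putPolicy_resourceArn' - The Amazon Resource Name (ARN) of the private CA to associate with the
-- policy. The ARN of the CA can be found by calling the
-- <https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html ListCertificateAuthorities>
-- action.
--
-- 'policy', 'putPolicy_policy' - The JSON-formatted IAM policy to attach to the
-- specified private CA resource (described upstream as \"the path and file
-- name\" of that policy). If this policy does not contain all
-- required statements or if it includes any statement that is not allowed,
-- the @PutPolicy@ action returns an @InvalidPolicyException@. For
-- information about IAM policy and statement structure, see
-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policies-json Overview of JSON Policies>.
--
-- This constructor stores both arguments unchanged; it performs no
-- validation of the ARN or of the policy text.
newPutPolicy ::
  -- | 'resourceArn'
  Prelude.Text ->
  -- | 'policy'
  Prelude.Text ->
  PutPolicy
newPutPolicy pResourceArn_ pPolicy_ =
  PutPolicy'
    { resourceArn = pResourceArn_,
      policy = pPolicy_
    }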

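-- | Lens onto the 'resourceArn' field: the Amazon Resource Name (ARN) of the
-- private CA to associate with the policy. The ARN of the CA can be found
-- by calling the
-- <https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html ListCertificateAuthorities>
-- action.
putPolicy_resourceArn :: Lens.Lens' PutPolicy Prelude.Text
putPolicy_resourceArn = Lens.lens getArn setArn
  where
    getArn PutPolicy' {resourceArn} = resourceArn
    -- The result annotation names the record type being updated; the
    -- module enables DuplicateRecordFields, so the field name alone may
    -- not identify it.
    setArn s@PutPolicy' {} a = s {resourceArn = a} :: PutPolicy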

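-- | Lens onto the 'policy' field: the JSON-formatted IAM policy to attach
-- to the specified private CA resource (described upstream as \"the path
-- and file name\" of that policy). If this policy does not contain all
-- required statements or if it includes any statement that is not allowed,
-- the @PutPolicy@ action returns an @InvalidPolicyException@. For
-- information about IAM policy and statement structure, see
-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policies-json Overview of JSON Policies>.
--
-- NOTE(review): the 'Core.ToJSON' instance in this module sends this text
-- verbatim and no file is read here, so presumably the value must be the
-- policy document itself -- confirm against the API reference.
putPolicy_policy :: Lens.Lens' PutPolicy Prelude.Text
putPolicy_policy = Lens.lens getPolicy setPolicy
  where
    getPolicy PutPolicy' {policy} = policy
    -- The result annotation names the record type being updated; the
    -- module enables DuplicateRecordFields, so the field name alone may
    -- not identify it.
    setPolicy s@PutPolicy' {} a = s {policy = a} :: PutPolicy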

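-- Ties the 'PutPolicy' request to its response type and to the helpers
-- that build the request and interpret the reply.
instance Core.AWSRequest PutPolicy where
  type AWSResponse PutPolicy = PutPolicyResponse

  -- Built with 'Request.postJSON' against 'defaultService' (presumably the
  -- service definition brought in by the unqualified Types import --
  -- confirm).
  request = Request.postJSON defaultService

  -- 'Response.receiveNull' is handed the field-less 'PutPolicyResponse''
  -- value, so nothing from the reply is stored in the result type.
  response = Response.receiveNull PutPolicyResponse'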

-- No methods are given, so the class defaults apply (presumably derived
-- from the 'Prelude.Generic' instance -- confirm).
instance Prelude.Hashable PutPolicy

-- No methods are given, so the class defaults apply (presumably derived
-- from the 'Prelude.Generic' instance -- confirm).
instance Prelude.NFData PutPolicy

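-- Headers are the same for every 'PutPolicy' value: the request argument
-- is ignored and a fixed target / content-type pair is returned.
instance Core.ToHeaders PutPolicy where
  toHeaders =
    Prelude.const
      ( Prelude.mconcat
          [ -- Names the action being invoked.
            "X-Amz-Target"
              Core.=# ("ACMPrivateCA.PutPolicy" :: Prelude.ByteString),
            -- Declares the body encoding used for the request.
            "Content-Type"
              Core.=# ( "application/x-amz-json-1.1" ::
                          Prelude.ByteString
                      )
          ]
      )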

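-- Serialises the request as a JSON object with exactly two members,
-- @ResourceArn@ and @Policy@. Both are always present (each is wrapped in
-- 'Prelude.Just'), and both field values are emitted as given: the policy
-- text is not parsed, validated or loaded from disk here.
instance Core.ToJSON PutPolicy where
  toJSON PutPolicy' {resourceArn, policy} =
    Core.object
      ( Prelude.catMaybes
          [ Prelude.Just ("ResourceArn" Core..= resourceArn),
            Prelude.Just ("Policy" Core..= policy)
          ]
      )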

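-- The request path is the constant @/@ regardless of the field values.
instance Core.ToPath PutPolicy where
  toPath = Prelude.const "/"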

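-- The query string is always empty ('Prelude.mempty'); the request
-- argument is ignored.
instance Core.ToQuery PutPolicy where
  toQuery = Prelude.const Prelude.mempty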

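-- | Response to 'PutPolicy'. The record has no fields, so a value of this
-- type carries no data of its own.
--
-- /See:/ 'newPutPolicyResponse' smart constructor.
data PutPolicyResponse = PutPolicyResponse'
  {
  }
  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)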

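-- |
-- Create a value of 'PutPolicyResponse'.
--
-- The response record has no fields, so this is simply the bare
-- constructor.
newPutPolicyResponse ::
  PutPolicyResponse
newPutPolicyResponse = PutPolicyResponse'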

-- No methods are given, so the class defaults apply (presumably derived
-- from the 'Prelude.Generic' instance -- confirm).
instance Prelude.NFData PutPolicyResponse