{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.Glue.Types.ConnectionPasswordEncryption
-- Copyright   : (c) 2013-2021 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
module Amazonka.Glue.Types.ConnectionPasswordEncryption where

import qualified Amazonka.Core as Core
import qualified Amazonka.Lens as Lens
import qualified Amazonka.Prelude as Prelude

-- | The data structure used by the Data Catalog to encrypt the password as
-- part of @CreateConnection@ or @UpdateConnection@ and store it in the
-- @ENCRYPTED_PASSWORD@ field in the connection properties. You can enable
-- catalog encryption or only password encryption.
--
-- When a @CreationConnection@ request arrives containing a password, the
-- Data Catalog first encrypts the password using your KMS key. It then
-- encrypts the whole connection object again if catalog encryption is also
-- enabled.
--
-- This encryption requires that you set KMS key permissions to enable or
-- restrict access on the password key according to your security
-- requirements. For example, you might want only administrators to have
-- decrypt permission on the password key.
--
-- /See:/ 'newConnectionPasswordEncryption' smart constructor.
data ConnectionPasswordEncryption = ConnectionPasswordEncryption'
  { -- | An KMS key that is used to encrypt the connection password.
    --
    -- If connection password protection is enabled, the caller of
    -- @CreateConnection@ and @UpdateConnection@ needs at least @kms:Encrypt@
    -- permission on the specified KMS key, to encrypt passwords before storing
    -- them in the Data Catalog.
    --
    -- You can set the decrypt permission to enable or restrict access on the
    -- password key according to your security requirements.
    ConnectionPasswordEncryption -> Maybe Text
awsKmsKeyId :: Prelude.Maybe Prelude.Text,
    -- | When the @ReturnConnectionPasswordEncrypted@ flag is set to \"true\",
    -- passwords remain encrypted in the responses of @GetConnection@ and
    -- @GetConnections@. This encryption takes effect independently from
    -- catalog encryption.
    ConnectionPasswordEncryption -> Bool
returnConnectionPasswordEncrypted :: Prelude.Bool
  }
  deriving (ConnectionPasswordEncryption
-> ConnectionPasswordEncryption -> Bool
(ConnectionPasswordEncryption
 -> ConnectionPasswordEncryption -> Bool)
-> (ConnectionPasswordEncryption
    -> ConnectionPasswordEncryption -> Bool)
-> Eq ConnectionPasswordEncryption
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: ConnectionPasswordEncryption
-> ConnectionPasswordEncryption -> Bool
$c/= :: ConnectionPasswordEncryption
-> ConnectionPasswordEncryption -> Bool
== :: ConnectionPasswordEncryption
-> ConnectionPasswordEncryption -> Bool
$c== :: ConnectionPasswordEncryption
-> ConnectionPasswordEncryption -> Bool
Prelude.Eq, ReadPrec [ConnectionPasswordEncryption]
ReadPrec ConnectionPasswordEncryption
Int -> ReadS ConnectionPasswordEncryption
ReadS [ConnectionPasswordEncryption]
(Int -> ReadS ConnectionPasswordEncryption)
-> ReadS [ConnectionPasswordEncryption]
-> ReadPrec ConnectionPasswordEncryption
-> ReadPrec [ConnectionPasswordEncryption]
-> Read ConnectionPasswordEncryption
forall a.
(Int -> ReadS a)
-> ReadS [a] -> ReadPrec a -> ReadPrec [a] -> Read a
readListPrec :: ReadPrec [ConnectionPasswordEncryption]
$creadListPrec :: ReadPrec [ConnectionPasswordEncryption]
readPrec :: ReadPrec ConnectionPasswordEncryption
$creadPrec :: ReadPrec ConnectionPasswordEncryption
readList :: ReadS [ConnectionPasswordEncryption]
$creadList :: ReadS [ConnectionPasswordEncryption]
readsPrec :: Int -> ReadS ConnectionPasswordEncryption
$creadsPrec :: Int -> ReadS ConnectionPasswordEncryption
Prelude.Read, Int -> ConnectionPasswordEncryption -> ShowS
[ConnectionPasswordEncryption] -> ShowS
ConnectionPasswordEncryption -> String
(Int -> ConnectionPasswordEncryption -> ShowS)
-> (ConnectionPasswordEncryption -> String)
-> ([ConnectionPasswordEncryption] -> ShowS)
-> Show ConnectionPasswordEncryption
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [ConnectionPasswordEncryption] -> ShowS
$cshowList :: [ConnectionPasswordEncryption] -> ShowS
show :: ConnectionPasswordEncryption -> String
$cshow :: ConnectionPasswordEncryption -> String
showsPrec :: Int -> ConnectionPasswordEncryption -> ShowS
$cshowsPrec :: Int -> ConnectionPasswordEncryption -> ShowS
Prelude.Show, (forall x.
 ConnectionPasswordEncryption -> Rep ConnectionPasswordEncryption x)
-> (forall x.
    Rep ConnectionPasswordEncryption x -> ConnectionPasswordEncryption)
-> Generic ConnectionPasswordEncryption
forall x.
Rep ConnectionPasswordEncryption x -> ConnectionPasswordEncryption
forall x.
ConnectionPasswordEncryption -> Rep ConnectionPasswordEncryption x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x.
Rep ConnectionPasswordEncryption x -> ConnectionPasswordEncryption
$cfrom :: forall x.
ConnectionPasswordEncryption -> Rep ConnectionPasswordEncryption x
Prelude.Generic)

-- |
-- Create a value of 'ConnectionPasswordEncryption' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'awsKmsKeyId', 'connectionPasswordEncryption_awsKmsKeyId' - An KMS key that is used to encrypt the connection password.
--
-- If connection password protection is enabled, the caller of
-- @CreateConnection@ and @UpdateConnection@ needs at least @kms:Encrypt@
-- permission on the specified KMS key, to encrypt passwords before storing
-- them in the Data Catalog.
--
-- You can set the decrypt permission to enable or restrict access on the
-- password key according to your security requirements.
--
-- 'returnConnectionPasswordEncrypted', 'connectionPasswordEncryption_returnConnectionPasswordEncrypted' - When the @ReturnConnectionPasswordEncrypted@ flag is set to \"true\",
-- passwords remain encrypted in the responses of @GetConnection@ and
-- @GetConnections@. This encryption takes effect independently from
-- catalog encryption.
newConnectionPasswordEncryption ::
  -- | 'returnConnectionPasswordEncrypted'
  Prelude.Bool ->
  ConnectionPasswordEncryption
newConnectionPasswordEncryption :: Bool -> ConnectionPasswordEncryption
newConnectionPasswordEncryption
  Bool
pReturnConnectionPasswordEncrypted_ =
    ConnectionPasswordEncryption' :: Maybe Text -> Bool -> ConnectionPasswordEncryption
ConnectionPasswordEncryption'
      { $sel:awsKmsKeyId:ConnectionPasswordEncryption' :: Maybe Text
awsKmsKeyId =
          Maybe Text
forall a. Maybe a
Prelude.Nothing,
        $sel:returnConnectionPasswordEncrypted:ConnectionPasswordEncryption' :: Bool
returnConnectionPasswordEncrypted =
          Bool
pReturnConnectionPasswordEncrypted_
      }

-- | An KMS key that is used to encrypt the connection password.
--
-- If connection password protection is enabled, the caller of
-- @CreateConnection@ and @UpdateConnection@ needs at least @kms:Encrypt@
-- permission on the specified KMS key, to encrypt passwords before storing
-- them in the Data Catalog.
--
-- You can set the decrypt permission to enable or restrict access on the
-- password key according to your security requirements.
connectionPasswordEncryption_awsKmsKeyId :: Lens.Lens' ConnectionPasswordEncryption (Prelude.Maybe Prelude.Text)
connectionPasswordEncryption_awsKmsKeyId :: (Maybe Text -> f (Maybe Text))
-> ConnectionPasswordEncryption -> f ConnectionPasswordEncryption
connectionPasswordEncryption_awsKmsKeyId = (ConnectionPasswordEncryption -> Maybe Text)
-> (ConnectionPasswordEncryption
    -> Maybe Text -> ConnectionPasswordEncryption)
-> Lens
     ConnectionPasswordEncryption
     ConnectionPasswordEncryption
     (Maybe Text)
     (Maybe Text)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\ConnectionPasswordEncryption' {Maybe Text
awsKmsKeyId :: Maybe Text
$sel:awsKmsKeyId:ConnectionPasswordEncryption' :: ConnectionPasswordEncryption -> Maybe Text
awsKmsKeyId} -> Maybe Text
awsKmsKeyId) (\s :: ConnectionPasswordEncryption
s@ConnectionPasswordEncryption' {} Maybe Text
a -> ConnectionPasswordEncryption
s {$sel:awsKmsKeyId:ConnectionPasswordEncryption' :: Maybe Text
awsKmsKeyId = Maybe Text
a} :: ConnectionPasswordEncryption)

-- | When the @ReturnConnectionPasswordEncrypted@ flag is set to \"true\",
-- passwords remain encrypted in the responses of @GetConnection@ and
-- @GetConnections@. This encryption takes effect independently from
-- catalog encryption.
connectionPasswordEncryption_returnConnectionPasswordEncrypted :: Lens.Lens' ConnectionPasswordEncryption Prelude.Bool
connectionPasswordEncryption_returnConnectionPasswordEncrypted :: (Bool -> f Bool)
-> ConnectionPasswordEncryption -> f ConnectionPasswordEncryption
connectionPasswordEncryption_returnConnectionPasswordEncrypted = (ConnectionPasswordEncryption -> Bool)
-> (ConnectionPasswordEncryption
    -> Bool -> ConnectionPasswordEncryption)
-> Lens
     ConnectionPasswordEncryption ConnectionPasswordEncryption Bool Bool
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\ConnectionPasswordEncryption' {Bool
returnConnectionPasswordEncrypted :: Bool
$sel:returnConnectionPasswordEncrypted:ConnectionPasswordEncryption' :: ConnectionPasswordEncryption -> Bool
returnConnectionPasswordEncrypted} -> Bool
returnConnectionPasswordEncrypted) (\s :: ConnectionPasswordEncryption
s@ConnectionPasswordEncryption' {} Bool
a -> ConnectionPasswordEncryption
s {$sel:returnConnectionPasswordEncrypted:ConnectionPasswordEncryption' :: Bool
returnConnectionPasswordEncrypted = Bool
a} :: ConnectionPasswordEncryption)

instance Core.FromJSON ConnectionPasswordEncryption where
  parseJSON :: Value -> Parser ConnectionPasswordEncryption
parseJSON =
    String
-> (Object -> Parser ConnectionPasswordEncryption)
-> Value
-> Parser ConnectionPasswordEncryption
forall a. String -> (Object -> Parser a) -> Value -> Parser a
Core.withObject
      String
"ConnectionPasswordEncryption"
      ( \Object
x ->
          Maybe Text -> Bool -> ConnectionPasswordEncryption
ConnectionPasswordEncryption'
            (Maybe Text -> Bool -> ConnectionPasswordEncryption)
-> Parser (Maybe Text)
-> Parser (Bool -> ConnectionPasswordEncryption)
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> (Object
x Object -> Text -> Parser (Maybe Text)
forall a. FromJSON a => Object -> Text -> Parser (Maybe a)
Core..:? Text
"AwsKmsKeyId")
            Parser (Bool -> ConnectionPasswordEncryption)
-> Parser Bool -> Parser ConnectionPasswordEncryption
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x Object -> Text -> Parser Bool
forall a. FromJSON a => Object -> Text -> Parser a
Core..: Text
"ReturnConnectionPasswordEncrypted")
      )

instance
  Prelude.Hashable
    ConnectionPasswordEncryption

instance Prelude.NFData ConnectionPasswordEncryption

instance Core.ToJSON ConnectionPasswordEncryption where
  toJSON :: ConnectionPasswordEncryption -> Value
toJSON ConnectionPasswordEncryption' {Bool
Maybe Text
returnConnectionPasswordEncrypted :: Bool
awsKmsKeyId :: Maybe Text
$sel:returnConnectionPasswordEncrypted:ConnectionPasswordEncryption' :: ConnectionPasswordEncryption -> Bool
$sel:awsKmsKeyId:ConnectionPasswordEncryption' :: ConnectionPasswordEncryption -> Maybe Text
..} =
    [Pair] -> Value
Core.object
      ( [Maybe Pair] -> [Pair]
forall a. [Maybe a] -> [a]
Prelude.catMaybes
          [ (Text
"AwsKmsKeyId" Text -> Text -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..=) (Text -> Pair) -> Maybe Text -> Maybe Pair
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe Text
awsKmsKeyId,
            Pair -> Maybe Pair
forall a. a -> Maybe a
Prelude.Just
              ( Text
"ReturnConnectionPasswordEncrypted"
                  Text -> Bool -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..= Bool
returnConnectionPasswordEncrypted
              )
          ]
      )