{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE TypeFamilies #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-binds #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.KMS.ConnectCustomKeyStore
-- Copyright   : (c) 2013-2021 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
--
-- Connects or reconnects a
-- <https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html custom key store>
-- to its associated CloudHSM cluster.
--
-- The custom key store must be connected before you can create KMS keys in
-- the key store or use the KMS keys it contains. You can disconnect and
-- reconnect a custom key store at any time.
--
-- To connect a custom key store, its associated CloudHSM cluster must have
-- at least one active HSM. To get the number of active HSMs in a cluster,
-- use the
-- <https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html DescribeClusters>
-- operation. To add HSMs to the cluster, use the
-- <https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html CreateHsm>
-- operation. Also, the
-- <https://docs.aws.amazon.com/kms/latest/developerguide/key-store-concepts.html#concept-kmsuser kmsuser crypto user>
-- (CU) must not be logged into the cluster. This prevents KMS from using
-- this account to log in.
--
-- The connection process can take an extended amount of time to complete;
-- up to 20 minutes. This operation starts the connection process, but it
-- does not wait for it to complete. When it succeeds, this operation
-- quickly returns an HTTP 200 response and a JSON object with no
-- properties. However, this response does not indicate that the custom key
-- store is connected. To get the connection state of the custom key store,
-- use the DescribeCustomKeyStores operation.
--
-- During the connection process, KMS finds the CloudHSM cluster that is
-- associated with the custom key store, creates the connection
-- infrastructure, connects to the cluster, logs into the CloudHSM client
-- as the @kmsuser@ CU, and rotates its password.
--
-- The @ConnectCustomKeyStore@ operation might fail for various reasons. To
-- find the reason, use the DescribeCustomKeyStores operation and see the
-- @ConnectionErrorCode@ in the response. For help interpreting the
-- @ConnectionErrorCode@, see CustomKeyStoresListEntry.
--
-- To fix the failure, use the DisconnectCustomKeyStore operation to
-- disconnect the custom key store, correct the error, use the
-- UpdateCustomKeyStore operation if necessary, and then use
-- @ConnectCustomKeyStore@ again.
--
-- If you are having trouble connecting or disconnecting a custom key
-- store, see
-- <https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html Troubleshooting a Custom Key Store>
-- in the /Key Management Service Developer Guide/.
--
-- __Cross-account use__: No. You cannot perform this operation on a custom
-- key store in a different Amazon Web Services account.
--
-- __Required permissions__:
-- <https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html kms:ConnectCustomKeyStore>
-- (IAM policy)
--
-- __Related operations__
--
-- -   CreateCustomKeyStore
--
-- -   DeleteCustomKeyStore
--
-- -   DescribeCustomKeyStores
--
-- -   DisconnectCustomKeyStore
--
-- -   UpdateCustomKeyStore
module Amazonka.KMS.ConnectCustomKeyStore
  ( -- * Creating a Request
    ConnectCustomKeyStore (..),
    newConnectCustomKeyStore,

    -- * Request Lenses
    connectCustomKeyStore_customKeyStoreId,

    -- * Destructuring the Response
    ConnectCustomKeyStoreResponse (..),
    newConnectCustomKeyStoreResponse,

    -- * Response Lenses
    connectCustomKeyStoreResponse_httpStatus,
  )
where

import qualified Amazonka.Core as Core
import Amazonka.KMS.Types
import qualified Amazonka.Lens as Lens
import qualified Amazonka.Prelude as Prelude
import qualified Amazonka.Request as Request
import qualified Amazonka.Response as Response

-- | /See:/ 'newConnectCustomKeyStore' smart constructor.
data ConnectCustomKeyStore = ConnectCustomKeyStore'
  { -- | Enter the key store ID of the custom key store that you want to connect.
    -- To find the ID of a custom key store, use the DescribeCustomKeyStores
    -- operation.
    ConnectCustomKeyStore -> Text
customKeyStoreId :: Prelude.Text
  }
  deriving (ConnectCustomKeyStore -> ConnectCustomKeyStore -> Bool
(ConnectCustomKeyStore -> ConnectCustomKeyStore -> Bool)
-> (ConnectCustomKeyStore -> ConnectCustomKeyStore -> Bool)
-> Eq ConnectCustomKeyStore
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: ConnectCustomKeyStore -> ConnectCustomKeyStore -> Bool
$c/= :: ConnectCustomKeyStore -> ConnectCustomKeyStore -> Bool
== :: ConnectCustomKeyStore -> ConnectCustomKeyStore -> Bool
$c== :: ConnectCustomKeyStore -> ConnectCustomKeyStore -> Bool
Prelude.Eq, ReadPrec [ConnectCustomKeyStore]
ReadPrec ConnectCustomKeyStore
Int -> ReadS ConnectCustomKeyStore
ReadS [ConnectCustomKeyStore]
(Int -> ReadS ConnectCustomKeyStore)
-> ReadS [ConnectCustomKeyStore]
-> ReadPrec ConnectCustomKeyStore
-> ReadPrec [ConnectCustomKeyStore]
-> Read ConnectCustomKeyStore
forall a.
(Int -> ReadS a)
-> ReadS [a] -> ReadPrec a -> ReadPrec [a] -> Read a
readListPrec :: ReadPrec [ConnectCustomKeyStore]
$creadListPrec :: ReadPrec [ConnectCustomKeyStore]
readPrec :: ReadPrec ConnectCustomKeyStore
$creadPrec :: ReadPrec ConnectCustomKeyStore
readList :: ReadS [ConnectCustomKeyStore]
$creadList :: ReadS [ConnectCustomKeyStore]
readsPrec :: Int -> ReadS ConnectCustomKeyStore
$creadsPrec :: Int -> ReadS ConnectCustomKeyStore
Prelude.Read, Int -> ConnectCustomKeyStore -> ShowS
[ConnectCustomKeyStore] -> ShowS
ConnectCustomKeyStore -> String
(Int -> ConnectCustomKeyStore -> ShowS)
-> (ConnectCustomKeyStore -> String)
-> ([ConnectCustomKeyStore] -> ShowS)
-> Show ConnectCustomKeyStore
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [ConnectCustomKeyStore] -> ShowS
$cshowList :: [ConnectCustomKeyStore] -> ShowS
show :: ConnectCustomKeyStore -> String
$cshow :: ConnectCustomKeyStore -> String
showsPrec :: Int -> ConnectCustomKeyStore -> ShowS
$cshowsPrec :: Int -> ConnectCustomKeyStore -> ShowS
Prelude.Show, (forall x. ConnectCustomKeyStore -> Rep ConnectCustomKeyStore x)
-> (forall x. Rep ConnectCustomKeyStore x -> ConnectCustomKeyStore)
-> Generic ConnectCustomKeyStore
forall x. Rep ConnectCustomKeyStore x -> ConnectCustomKeyStore
forall x. ConnectCustomKeyStore -> Rep ConnectCustomKeyStore x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x. Rep ConnectCustomKeyStore x -> ConnectCustomKeyStore
$cfrom :: forall x. ConnectCustomKeyStore -> Rep ConnectCustomKeyStore x
Prelude.Generic)

-- |
-- Create a value of 'ConnectCustomKeyStore' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'customKeyStoreId', 'connectCustomKeyStore_customKeyStoreId' - Enter the key store ID of the custom key store that you want to connect.
-- To find the ID of a custom key store, use the DescribeCustomKeyStores
-- operation.
newConnectCustomKeyStore ::
  -- | 'customKeyStoreId'
  Prelude.Text ->
  ConnectCustomKeyStore
newConnectCustomKeyStore :: Text -> ConnectCustomKeyStore
newConnectCustomKeyStore Text
pCustomKeyStoreId_ =
  ConnectCustomKeyStore' :: Text -> ConnectCustomKeyStore
ConnectCustomKeyStore'
    { $sel:customKeyStoreId:ConnectCustomKeyStore' :: Text
customKeyStoreId =
        Text
pCustomKeyStoreId_
    }

-- | Enter the key store ID of the custom key store that you want to connect.
-- To find the ID of a custom key store, use the DescribeCustomKeyStores
-- operation.
connectCustomKeyStore_customKeyStoreId :: Lens.Lens' ConnectCustomKeyStore Prelude.Text
connectCustomKeyStore_customKeyStoreId :: (Text -> f Text)
-> ConnectCustomKeyStore -> f ConnectCustomKeyStore
connectCustomKeyStore_customKeyStoreId = (ConnectCustomKeyStore -> Text)
-> (ConnectCustomKeyStore -> Text -> ConnectCustomKeyStore)
-> Lens ConnectCustomKeyStore ConnectCustomKeyStore Text Text
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\ConnectCustomKeyStore' {Text
customKeyStoreId :: Text
$sel:customKeyStoreId:ConnectCustomKeyStore' :: ConnectCustomKeyStore -> Text
customKeyStoreId} -> Text
customKeyStoreId) (\s :: ConnectCustomKeyStore
s@ConnectCustomKeyStore' {} Text
a -> ConnectCustomKeyStore
s {$sel:customKeyStoreId:ConnectCustomKeyStore' :: Text
customKeyStoreId = Text
a} :: ConnectCustomKeyStore)

instance Core.AWSRequest ConnectCustomKeyStore where
  type
    AWSResponse ConnectCustomKeyStore =
      ConnectCustomKeyStoreResponse
  request :: ConnectCustomKeyStore -> Request ConnectCustomKeyStore
request = Service -> ConnectCustomKeyStore -> Request ConnectCustomKeyStore
forall a. (ToRequest a, ToJSON a) => Service -> a -> Request a
Request.postJSON Service
defaultService
  response :: Logger
-> Service
-> Proxy ConnectCustomKeyStore
-> ClientResponse ClientBody
-> m (Either
        Error (ClientResponse (AWSResponse ConnectCustomKeyStore)))
response =
    (Int
 -> ResponseHeaders
 -> ()
 -> Either String (AWSResponse ConnectCustomKeyStore))
-> Logger
-> Service
-> Proxy ConnectCustomKeyStore
-> ClientResponse ClientBody
-> m (Either
        Error (ClientResponse (AWSResponse ConnectCustomKeyStore)))
forall (m :: * -> *) a.
MonadResource m =>
(Int -> ResponseHeaders -> () -> Either String (AWSResponse a))
-> Logger
-> Service
-> Proxy a
-> ClientResponse ClientBody
-> m (Either Error (ClientResponse (AWSResponse a)))
Response.receiveEmpty
      ( \Int
s ResponseHeaders
h ()
x ->
          Int -> ConnectCustomKeyStoreResponse
ConnectCustomKeyStoreResponse'
            (Int -> ConnectCustomKeyStoreResponse)
-> Either String Int -> Either String ConnectCustomKeyStoreResponse
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> (Int -> Either String Int
forall (f :: * -> *) a. Applicative f => a -> f a
Prelude.pure (Int -> Int
forall a. Enum a => a -> Int
Prelude.fromEnum Int
s))
      )

instance Prelude.Hashable ConnectCustomKeyStore

instance Prelude.NFData ConnectCustomKeyStore

instance Core.ToHeaders ConnectCustomKeyStore where
  toHeaders :: ConnectCustomKeyStore -> ResponseHeaders
toHeaders =
    ResponseHeaders -> ConnectCustomKeyStore -> ResponseHeaders
forall a b. a -> b -> a
Prelude.const
      ( [ResponseHeaders] -> ResponseHeaders
forall a. Monoid a => [a] -> a
Prelude.mconcat
          [ HeaderName
"X-Amz-Target"
              HeaderName -> ByteString -> ResponseHeaders
forall a. ToHeader a => HeaderName -> a -> ResponseHeaders
Core.=# ( ByteString
"TrentService.ConnectCustomKeyStore" ::
                          Prelude.ByteString
                      ),
            HeaderName
"Content-Type"
              HeaderName -> ByteString -> ResponseHeaders
forall a. ToHeader a => HeaderName -> a -> ResponseHeaders
Core.=# ( ByteString
"application/x-amz-json-1.1" ::
                          Prelude.ByteString
                      )
          ]
      )

instance Core.ToJSON ConnectCustomKeyStore where
  toJSON :: ConnectCustomKeyStore -> Value
toJSON ConnectCustomKeyStore' {Text
customKeyStoreId :: Text
$sel:customKeyStoreId:ConnectCustomKeyStore' :: ConnectCustomKeyStore -> Text
..} =
    [Pair] -> Value
Core.object
      ( [Maybe Pair] -> [Pair]
forall a. [Maybe a] -> [a]
Prelude.catMaybes
          [ Pair -> Maybe Pair
forall a. a -> Maybe a
Prelude.Just
              (Text
"CustomKeyStoreId" Text -> Text -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..= Text
customKeyStoreId)
          ]
      )

instance Core.ToPath ConnectCustomKeyStore where
  toPath :: ConnectCustomKeyStore -> ByteString
toPath = ByteString -> ConnectCustomKeyStore -> ByteString
forall a b. a -> b -> a
Prelude.const ByteString
"/"

instance Core.ToQuery ConnectCustomKeyStore where
  toQuery :: ConnectCustomKeyStore -> QueryString
toQuery = QueryString -> ConnectCustomKeyStore -> QueryString
forall a b. a -> b -> a
Prelude.const QueryString
forall a. Monoid a => a
Prelude.mempty

-- | /See:/ 'newConnectCustomKeyStoreResponse' smart constructor.
data ConnectCustomKeyStoreResponse = ConnectCustomKeyStoreResponse'
  { -- | The response's http status code.
    ConnectCustomKeyStoreResponse -> Int
httpStatus :: Prelude.Int
  }
  deriving (ConnectCustomKeyStoreResponse
-> ConnectCustomKeyStoreResponse -> Bool
(ConnectCustomKeyStoreResponse
 -> ConnectCustomKeyStoreResponse -> Bool)
-> (ConnectCustomKeyStoreResponse
    -> ConnectCustomKeyStoreResponse -> Bool)
-> Eq ConnectCustomKeyStoreResponse
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: ConnectCustomKeyStoreResponse
-> ConnectCustomKeyStoreResponse -> Bool
$c/= :: ConnectCustomKeyStoreResponse
-> ConnectCustomKeyStoreResponse -> Bool
== :: ConnectCustomKeyStoreResponse
-> ConnectCustomKeyStoreResponse -> Bool
$c== :: ConnectCustomKeyStoreResponse
-> ConnectCustomKeyStoreResponse -> Bool
Prelude.Eq, ReadPrec [ConnectCustomKeyStoreResponse]
ReadPrec ConnectCustomKeyStoreResponse
Int -> ReadS ConnectCustomKeyStoreResponse
ReadS [ConnectCustomKeyStoreResponse]
(Int -> ReadS ConnectCustomKeyStoreResponse)
-> ReadS [ConnectCustomKeyStoreResponse]
-> ReadPrec ConnectCustomKeyStoreResponse
-> ReadPrec [ConnectCustomKeyStoreResponse]
-> Read ConnectCustomKeyStoreResponse
forall a.
(Int -> ReadS a)
-> ReadS [a] -> ReadPrec a -> ReadPrec [a] -> Read a
readListPrec :: ReadPrec [ConnectCustomKeyStoreResponse]
$creadListPrec :: ReadPrec [ConnectCustomKeyStoreResponse]
readPrec :: ReadPrec ConnectCustomKeyStoreResponse
$creadPrec :: ReadPrec ConnectCustomKeyStoreResponse
readList :: ReadS [ConnectCustomKeyStoreResponse]
$creadList :: ReadS [ConnectCustomKeyStoreResponse]
readsPrec :: Int -> ReadS ConnectCustomKeyStoreResponse
$creadsPrec :: Int -> ReadS ConnectCustomKeyStoreResponse
Prelude.Read, Int -> ConnectCustomKeyStoreResponse -> ShowS
[ConnectCustomKeyStoreResponse] -> ShowS
ConnectCustomKeyStoreResponse -> String
(Int -> ConnectCustomKeyStoreResponse -> ShowS)
-> (ConnectCustomKeyStoreResponse -> String)
-> ([ConnectCustomKeyStoreResponse] -> ShowS)
-> Show ConnectCustomKeyStoreResponse
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [ConnectCustomKeyStoreResponse] -> ShowS
$cshowList :: [ConnectCustomKeyStoreResponse] -> ShowS
show :: ConnectCustomKeyStoreResponse -> String
$cshow :: ConnectCustomKeyStoreResponse -> String
showsPrec :: Int -> ConnectCustomKeyStoreResponse -> ShowS
$cshowsPrec :: Int -> ConnectCustomKeyStoreResponse -> ShowS
Prelude.Show, (forall x.
 ConnectCustomKeyStoreResponse
 -> Rep ConnectCustomKeyStoreResponse x)
-> (forall x.
    Rep ConnectCustomKeyStoreResponse x
    -> ConnectCustomKeyStoreResponse)
-> Generic ConnectCustomKeyStoreResponse
forall x.
Rep ConnectCustomKeyStoreResponse x
-> ConnectCustomKeyStoreResponse
forall x.
ConnectCustomKeyStoreResponse
-> Rep ConnectCustomKeyStoreResponse x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x.
Rep ConnectCustomKeyStoreResponse x
-> ConnectCustomKeyStoreResponse
$cfrom :: forall x.
ConnectCustomKeyStoreResponse
-> Rep ConnectCustomKeyStoreResponse x
Prelude.Generic)

-- |
-- Create a value of 'ConnectCustomKeyStoreResponse' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'httpStatus', 'connectCustomKeyStoreResponse_httpStatus' - The response's http status code.
newConnectCustomKeyStoreResponse ::
  -- | 'httpStatus'
  Prelude.Int ->
  ConnectCustomKeyStoreResponse
newConnectCustomKeyStoreResponse :: Int -> ConnectCustomKeyStoreResponse
newConnectCustomKeyStoreResponse Int
pHttpStatus_ =
  ConnectCustomKeyStoreResponse' :: Int -> ConnectCustomKeyStoreResponse
ConnectCustomKeyStoreResponse'
    { $sel:httpStatus:ConnectCustomKeyStoreResponse' :: Int
httpStatus =
        Int
pHttpStatus_
    }

-- | The response's http status code.
connectCustomKeyStoreResponse_httpStatus :: Lens.Lens' ConnectCustomKeyStoreResponse Prelude.Int
connectCustomKeyStoreResponse_httpStatus :: (Int -> f Int)
-> ConnectCustomKeyStoreResponse -> f ConnectCustomKeyStoreResponse
connectCustomKeyStoreResponse_httpStatus = (ConnectCustomKeyStoreResponse -> Int)
-> (ConnectCustomKeyStoreResponse
    -> Int -> ConnectCustomKeyStoreResponse)
-> Lens
     ConnectCustomKeyStoreResponse ConnectCustomKeyStoreResponse Int Int
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\ConnectCustomKeyStoreResponse' {Int
httpStatus :: Int
$sel:httpStatus:ConnectCustomKeyStoreResponse' :: ConnectCustomKeyStoreResponse -> Int
httpStatus} -> Int
httpStatus) (\s :: ConnectCustomKeyStoreResponse
s@ConnectCustomKeyStoreResponse' {} Int
a -> ConnectCustomKeyStoreResponse
s {$sel:httpStatus:ConnectCustomKeyStoreResponse' :: Int
httpStatus = Int
a} :: ConnectCustomKeyStoreResponse)

instance Prelude.NFData ConnectCustomKeyStoreResponse