{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE TypeFamilies #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-binds #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.KMS.ListRetirableGrants
-- Copyright   : (c) 2013-2021 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
--
-- Returns information about all grants in the Amazon Web Services account
-- and Region that have the specified retiring principal.
--
-- You can specify any principal in your Amazon Web Services account. The
-- grants that are returned include grants for KMS keys in your Amazon Web
-- Services account and other Amazon Web Services accounts. You might use
-- this operation to determine which grants you may retire. To retire a
-- grant, use the RetireGrant operation.
--
-- For detailed information about grants, including grant terminology, see
-- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html Using grants>
-- in the //Key Management Service Developer Guide// . For examples of
-- working with grants in several programming languages, see
-- <https://docs.aws.amazon.com/kms/latest/developerguide/programming-grants.html Programming grants>.
--
-- __Cross-account use__: You must specify a principal in your Amazon Web
-- Services account. However, this operation can return grants in any
-- Amazon Web Services account. You do not need @kms:ListRetirableGrants@
-- permission (or any other additional permission) in any Amazon Web
-- Services account other than your own.
--
-- __Required permissions__:
-- <https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html kms:ListRetirableGrants>
-- (IAM policy) in your Amazon Web Services account.
--
-- __Related operations:__
--
-- -   CreateGrant
--
-- -   ListGrants
--
-- -   RetireGrant
--
-- -   RevokeGrant
module Amazonka.KMS.ListRetirableGrants
  ( -- * Creating a Request
    ListRetirableGrants (..),
    newListRetirableGrants,

    -- * Request Lenses
    listRetirableGrants_marker,
    listRetirableGrants_limit,
    listRetirableGrants_retiringPrincipal,

    -- * Destructuring the Response
    ListGrantsResponse (..),
    newListGrantsResponse,

    -- * Response Lenses
    listGrantsResponse_truncated,
    listGrantsResponse_grants,
    listGrantsResponse_nextMarker,
  )
where

import qualified Amazonka.Core as Core
import Amazonka.KMS.Types
import qualified Amazonka.Lens as Lens
import qualified Amazonka.Prelude as Prelude
import qualified Amazonka.Request as Request
import qualified Amazonka.Response as Response

-- | /See:/ 'newListRetirableGrants' smart constructor.
data ListRetirableGrants = ListRetirableGrants'
  { -- | Use this parameter in a subsequent request after you receive a response
    -- with truncated results. Set it to the value of @NextMarker@ from the
    -- truncated response you just received.
    ListRetirableGrants -> Maybe Text
marker :: Prelude.Maybe Prelude.Text,
    -- | Use this parameter to specify the maximum number of items to return.
    -- When this value is present, KMS does not return more than the specified
    -- number of items, but it might return fewer.
    --
    -- This value is optional. If you include a value, it must be between 1 and
    -- 100, inclusive. If you do not include a value, it defaults to 50.
    ListRetirableGrants -> Maybe Natural
limit :: Prelude.Maybe Prelude.Natural,
    -- | The retiring principal for which to list grants. Enter a principal in
    -- your Amazon Web Services account.
    --
    -- To specify the retiring principal, use the
    -- <https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Name (ARN)>
    -- of an Amazon Web Services principal. Valid Amazon Web Services
    -- principals include Amazon Web Services accounts (root), IAM users,
    -- federated users, and assumed role users. For examples of the ARN syntax
    -- for specifying a principal, see
    -- <https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-iam Amazon Web Services Identity and Access Management (IAM)>
    -- in the Example ARNs section of the /Amazon Web Services General
    -- Reference/.
    ListRetirableGrants -> Text
retiringPrincipal :: Prelude.Text
  }
  deriving (ListRetirableGrants -> ListRetirableGrants -> Bool
(ListRetirableGrants -> ListRetirableGrants -> Bool)
-> (ListRetirableGrants -> ListRetirableGrants -> Bool)
-> Eq ListRetirableGrants
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: ListRetirableGrants -> ListRetirableGrants -> Bool
$c/= :: ListRetirableGrants -> ListRetirableGrants -> Bool
== :: ListRetirableGrants -> ListRetirableGrants -> Bool
$c== :: ListRetirableGrants -> ListRetirableGrants -> Bool
Prelude.Eq, ReadPrec [ListRetirableGrants]
ReadPrec ListRetirableGrants
Int -> ReadS ListRetirableGrants
ReadS [ListRetirableGrants]
(Int -> ReadS ListRetirableGrants)
-> ReadS [ListRetirableGrants]
-> ReadPrec ListRetirableGrants
-> ReadPrec [ListRetirableGrants]
-> Read ListRetirableGrants
forall a.
(Int -> ReadS a)
-> ReadS [a] -> ReadPrec a -> ReadPrec [a] -> Read a
readListPrec :: ReadPrec [ListRetirableGrants]
$creadListPrec :: ReadPrec [ListRetirableGrants]
readPrec :: ReadPrec ListRetirableGrants
$creadPrec :: ReadPrec ListRetirableGrants
readList :: ReadS [ListRetirableGrants]
$creadList :: ReadS [ListRetirableGrants]
readsPrec :: Int -> ReadS ListRetirableGrants
$creadsPrec :: Int -> ReadS ListRetirableGrants
Prelude.Read, Int -> ListRetirableGrants -> ShowS
[ListRetirableGrants] -> ShowS
ListRetirableGrants -> String
(Int -> ListRetirableGrants -> ShowS)
-> (ListRetirableGrants -> String)
-> ([ListRetirableGrants] -> ShowS)
-> Show ListRetirableGrants
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [ListRetirableGrants] -> ShowS
$cshowList :: [ListRetirableGrants] -> ShowS
show :: ListRetirableGrants -> String
$cshow :: ListRetirableGrants -> String
showsPrec :: Int -> ListRetirableGrants -> ShowS
$cshowsPrec :: Int -> ListRetirableGrants -> ShowS
Prelude.Show, (forall x. ListRetirableGrants -> Rep ListRetirableGrants x)
-> (forall x. Rep ListRetirableGrants x -> ListRetirableGrants)
-> Generic ListRetirableGrants
forall x. Rep ListRetirableGrants x -> ListRetirableGrants
forall x. ListRetirableGrants -> Rep ListRetirableGrants x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x. Rep ListRetirableGrants x -> ListRetirableGrants
$cfrom :: forall x. ListRetirableGrants -> Rep ListRetirableGrants x
Prelude.Generic)

-- |
-- Create a value of 'ListRetirableGrants' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'marker', 'listRetirableGrants_marker' - Use this parameter in a subsequent request after you receive a response
-- with truncated results. Set it to the value of @NextMarker@ from the
-- truncated response you just received.
--
-- 'limit', 'listRetirableGrants_limit' - Use this parameter to specify the maximum number of items to return.
-- When this value is present, KMS does not return more than the specified
-- number of items, but it might return fewer.
--
-- This value is optional. If you include a value, it must be between 1 and
-- 100, inclusive. If you do not include a value, it defaults to 50.
--
-- 'retiringPrincipal', 'listRetirableGrants_retiringPrincipal' - The retiring principal for which to list grants. Enter a principal in
-- your Amazon Web Services account.
--
-- To specify the retiring principal, use the
-- <https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Name (ARN)>
-- of an Amazon Web Services principal. Valid Amazon Web Services
-- principals include Amazon Web Services accounts (root), IAM users,
-- federated users, and assumed role users. For examples of the ARN syntax
-- for specifying a principal, see
-- <https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-iam Amazon Web Services Identity and Access Management (IAM)>
-- in the Example ARNs section of the /Amazon Web Services General
-- Reference/.
newListRetirableGrants ::
  -- | 'retiringPrincipal'
  Prelude.Text ->
  ListRetirableGrants
newListRetirableGrants :: Text -> ListRetirableGrants
newListRetirableGrants Text
pRetiringPrincipal_ =
  ListRetirableGrants' :: Maybe Text -> Maybe Natural -> Text -> ListRetirableGrants
ListRetirableGrants'
    { $sel:marker:ListRetirableGrants' :: Maybe Text
marker = Maybe Text
forall a. Maybe a
Prelude.Nothing,
      $sel:limit:ListRetirableGrants' :: Maybe Natural
limit = Maybe Natural
forall a. Maybe a
Prelude.Nothing,
      $sel:retiringPrincipal:ListRetirableGrants' :: Text
retiringPrincipal = Text
pRetiringPrincipal_
    }

-- | Use this parameter in a subsequent request after you receive a response
-- with truncated results. Set it to the value of @NextMarker@ from the
-- truncated response you just received.
listRetirableGrants_marker :: Lens.Lens' ListRetirableGrants (Prelude.Maybe Prelude.Text)
listRetirableGrants_marker :: (Maybe Text -> f (Maybe Text))
-> ListRetirableGrants -> f ListRetirableGrants
listRetirableGrants_marker = (ListRetirableGrants -> Maybe Text)
-> (ListRetirableGrants -> Maybe Text -> ListRetirableGrants)
-> Lens
     ListRetirableGrants ListRetirableGrants (Maybe Text) (Maybe Text)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\ListRetirableGrants' {Maybe Text
marker :: Maybe Text
$sel:marker:ListRetirableGrants' :: ListRetirableGrants -> Maybe Text
marker} -> Maybe Text
marker) (\s :: ListRetirableGrants
s@ListRetirableGrants' {} Maybe Text
a -> ListRetirableGrants
s {$sel:marker:ListRetirableGrants' :: Maybe Text
marker = Maybe Text
a} :: ListRetirableGrants)

-- | Use this parameter to specify the maximum number of items to return.
-- When this value is present, KMS does not return more than the specified
-- number of items, but it might return fewer.
--
-- This value is optional. If you include a value, it must be between 1 and
-- 100, inclusive. If you do not include a value, it defaults to 50.
listRetirableGrants_limit :: Lens.Lens' ListRetirableGrants (Prelude.Maybe Prelude.Natural)
listRetirableGrants_limit :: (Maybe Natural -> f (Maybe Natural))
-> ListRetirableGrants -> f ListRetirableGrants
listRetirableGrants_limit = (ListRetirableGrants -> Maybe Natural)
-> (ListRetirableGrants -> Maybe Natural -> ListRetirableGrants)
-> Lens
     ListRetirableGrants
     ListRetirableGrants
     (Maybe Natural)
     (Maybe Natural)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\ListRetirableGrants' {Maybe Natural
limit :: Maybe Natural
$sel:limit:ListRetirableGrants' :: ListRetirableGrants -> Maybe Natural
limit} -> Maybe Natural
limit) (\s :: ListRetirableGrants
s@ListRetirableGrants' {} Maybe Natural
a -> ListRetirableGrants
s {$sel:limit:ListRetirableGrants' :: Maybe Natural
limit = Maybe Natural
a} :: ListRetirableGrants)

-- | The retiring principal for which to list grants. Enter a principal in
-- your Amazon Web Services account.
--
-- To specify the retiring principal, use the
-- <https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Name (ARN)>
-- of an Amazon Web Services principal. Valid Amazon Web Services
-- principals include Amazon Web Services accounts (root), IAM users,
-- federated users, and assumed role users. For examples of the ARN syntax
-- for specifying a principal, see
-- <https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-iam Amazon Web Services Identity and Access Management (IAM)>
-- in the Example ARNs section of the /Amazon Web Services General
-- Reference/.
listRetirableGrants_retiringPrincipal :: Lens.Lens' ListRetirableGrants Prelude.Text
listRetirableGrants_retiringPrincipal :: (Text -> f Text) -> ListRetirableGrants -> f ListRetirableGrants
listRetirableGrants_retiringPrincipal = (ListRetirableGrants -> Text)
-> (ListRetirableGrants -> Text -> ListRetirableGrants)
-> Lens ListRetirableGrants ListRetirableGrants Text Text
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\ListRetirableGrants' {Text
retiringPrincipal :: Text
$sel:retiringPrincipal:ListRetirableGrants' :: ListRetirableGrants -> Text
retiringPrincipal} -> Text
retiringPrincipal) (\s :: ListRetirableGrants
s@ListRetirableGrants' {} Text
a -> ListRetirableGrants
s {$sel:retiringPrincipal:ListRetirableGrants' :: Text
retiringPrincipal = Text
a} :: ListRetirableGrants)

instance Core.AWSRequest ListRetirableGrants where
  type
    AWSResponse ListRetirableGrants =
      ListGrantsResponse
  request :: ListRetirableGrants -> Request ListRetirableGrants
request = Service -> ListRetirableGrants -> Request ListRetirableGrants
forall a. (ToRequest a, ToJSON a) => Service -> a -> Request a
Request.postJSON Service
defaultService
  response :: Logger
-> Service
-> Proxy ListRetirableGrants
-> ClientResponse ClientBody
-> m (Either
        Error (ClientResponse (AWSResponse ListRetirableGrants)))
response =
    (Int
 -> ResponseHeaders
 -> Object
 -> Either String (AWSResponse ListRetirableGrants))
-> Logger
-> Service
-> Proxy ListRetirableGrants
-> ClientResponse ClientBody
-> m (Either
        Error (ClientResponse (AWSResponse ListRetirableGrants)))
forall (m :: * -> *) a.
MonadResource m =>
(Int -> ResponseHeaders -> Object -> Either String (AWSResponse a))
-> Logger
-> Service
-> Proxy a
-> ClientResponse ClientBody
-> m (Either Error (ClientResponse (AWSResponse a)))
Response.receiveJSON
      (\Int
s ResponseHeaders
h Object
x -> Object -> Either String ListGrantsResponse
forall a. FromJSON a => Object -> Either String a
Core.eitherParseJSON Object
x)

instance Prelude.Hashable ListRetirableGrants

instance Prelude.NFData ListRetirableGrants

instance Core.ToHeaders ListRetirableGrants where
  toHeaders :: ListRetirableGrants -> ResponseHeaders
toHeaders =
    ResponseHeaders -> ListRetirableGrants -> ResponseHeaders
forall a b. a -> b -> a
Prelude.const
      ( [ResponseHeaders] -> ResponseHeaders
forall a. Monoid a => [a] -> a
Prelude.mconcat
          [ HeaderName
"X-Amz-Target"
              HeaderName -> ByteString -> ResponseHeaders
forall a. ToHeader a => HeaderName -> a -> ResponseHeaders
Core.=# ( ByteString
"TrentService.ListRetirableGrants" ::
                          Prelude.ByteString
                      ),
            HeaderName
"Content-Type"
              HeaderName -> ByteString -> ResponseHeaders
forall a. ToHeader a => HeaderName -> a -> ResponseHeaders
Core.=# ( ByteString
"application/x-amz-json-1.1" ::
                          Prelude.ByteString
                      )
          ]
      )

instance Core.ToJSON ListRetirableGrants where
  toJSON :: ListRetirableGrants -> Value
toJSON ListRetirableGrants' {Maybe Natural
Maybe Text
Text
retiringPrincipal :: Text
limit :: Maybe Natural
marker :: Maybe Text
$sel:retiringPrincipal:ListRetirableGrants' :: ListRetirableGrants -> Text
$sel:limit:ListRetirableGrants' :: ListRetirableGrants -> Maybe Natural
$sel:marker:ListRetirableGrants' :: ListRetirableGrants -> Maybe Text
..} =
    [Pair] -> Value
Core.object
      ( [Maybe Pair] -> [Pair]
forall a. [Maybe a] -> [a]
Prelude.catMaybes
          [ (Text
"Marker" Text -> Text -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..=) (Text -> Pair) -> Maybe Text -> Maybe Pair
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe Text
marker,
            (Text
"Limit" Text -> Natural -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..=) (Natural -> Pair) -> Maybe Natural -> Maybe Pair
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe Natural
limit,
            Pair -> Maybe Pair
forall a. a -> Maybe a
Prelude.Just
              (Text
"RetiringPrincipal" Text -> Text -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..= Text
retiringPrincipal)
          ]
      )

instance Core.ToPath ListRetirableGrants where
  toPath :: ListRetirableGrants -> ByteString
toPath = ByteString -> ListRetirableGrants -> ByteString
forall a b. a -> b -> a
Prelude.const ByteString
"/"

instance Core.ToQuery ListRetirableGrants where
  toQuery :: ListRetirableGrants -> QueryString
toQuery = QueryString -> ListRetirableGrants -> QueryString
forall a b. a -> b -> a
Prelude.const QueryString
forall a. Monoid a => a
Prelude.mempty