{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE TypeFamilies #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-binds #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.KMS.RetireGrant
-- Copyright   : (c) 2013-2021 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
--
-- Deletes a grant. Typically, you retire a grant when you no longer need
-- its permissions. To identify the grant to retire, use a
-- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token grant token>,
-- or both the grant ID and a key identifier (key ID or key ARN) of the KMS
-- key. The CreateGrant operation returns both values.
--
-- This operation can be called by the /retiring principal/ for a grant, by
-- the /grantee principal/ if the grant allows the @RetireGrant@ operation,
-- and by the Amazon Web Services account (root user) in which the grant is
-- created. It can also be called by principals to whom permission for
-- retiring a grant is delegated. For details, see
-- <https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#grant-delete Retiring and revoking grants>
-- in the /Key Management Service Developer Guide/.
--
-- For detailed information about grants, including grant terminology, see
-- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html Using grants>
-- in the //Key Management Service Developer Guide// . For examples of
-- working with grants in several programming languages, see
-- <https://docs.aws.amazon.com/kms/latest/developerguide/programming-grants.html Programming grants>.
--
-- __Cross-account use__: Yes. You can retire a grant on a KMS key in a
-- different Amazon Web Services account.
--
-- __Required permissions:__:Permission to retire a grant is determined
-- primarily by the grant. For details, see
-- <https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#grant-delete Retiring and revoking grants>
-- in the /Key Management Service Developer Guide/.
--
-- __Related operations:__
--
-- -   CreateGrant
--
-- -   ListGrants
--
-- -   ListRetirableGrants
--
-- -   RevokeGrant
module Amazonka.KMS.RetireGrant
  ( -- * Creating a Request
    RetireGrant (..),
    newRetireGrant,

    -- * Request Lenses
    retireGrant_keyId,
    retireGrant_grantId,
    retireGrant_grantToken,

    -- * Destructuring the Response
    RetireGrantResponse (..),
    newRetireGrantResponse,
  )
where

import qualified Amazonka.Core as Core
import Amazonka.KMS.Types
import qualified Amazonka.Lens as Lens
import qualified Amazonka.Prelude as Prelude
import qualified Amazonka.Request as Request
import qualified Amazonka.Response as Response

-- | /See:/ 'newRetireGrant' smart constructor.
data RetireGrant = RetireGrant'
  { -- | The key ARN KMS key associated with the grant. To find the key ARN, use
    -- the ListKeys operation.
    --
    -- For example:
    -- @arn:aws:kms:us-east-2:444455556666:key\/1234abcd-12ab-34cd-56ef-1234567890ab@
    RetireGrant -> Maybe Text
keyId :: Prelude.Maybe Prelude.Text,
    -- | Identifies the grant to retire. To get the grant ID, use CreateGrant,
    -- ListGrants, or ListRetirableGrants.
    --
    -- -   Grant ID Example -
    --     0123456789012345678901234567890123456789012345678901234567890123
    RetireGrant -> Maybe Text
grantId :: Prelude.Maybe Prelude.Text,
    -- | Identifies the grant to be retired. You can use a grant token to
    -- identify a new grant even before it has achieved eventual consistency.
    --
    -- Only the CreateGrant operation returns a grant token. For details, see
    -- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token Grant token>
    -- and
    -- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#terms-eventual-consistency Eventual consistency>
    -- in the /Key Management Service Developer Guide/.
    RetireGrant -> Maybe Text
grantToken :: Prelude.Maybe Prelude.Text
  }
  deriving (RetireGrant -> RetireGrant -> Bool
(RetireGrant -> RetireGrant -> Bool)
-> (RetireGrant -> RetireGrant -> Bool) -> Eq RetireGrant
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: RetireGrant -> RetireGrant -> Bool
$c/= :: RetireGrant -> RetireGrant -> Bool
== :: RetireGrant -> RetireGrant -> Bool
$c== :: RetireGrant -> RetireGrant -> Bool
Prelude.Eq, ReadPrec [RetireGrant]
ReadPrec RetireGrant
Int -> ReadS RetireGrant
ReadS [RetireGrant]
(Int -> ReadS RetireGrant)
-> ReadS [RetireGrant]
-> ReadPrec RetireGrant
-> ReadPrec [RetireGrant]
-> Read RetireGrant
forall a.
(Int -> ReadS a)
-> ReadS [a] -> ReadPrec a -> ReadPrec [a] -> Read a
readListPrec :: ReadPrec [RetireGrant]
$creadListPrec :: ReadPrec [RetireGrant]
readPrec :: ReadPrec RetireGrant
$creadPrec :: ReadPrec RetireGrant
readList :: ReadS [RetireGrant]
$creadList :: ReadS [RetireGrant]
readsPrec :: Int -> ReadS RetireGrant
$creadsPrec :: Int -> ReadS RetireGrant
Prelude.Read, Int -> RetireGrant -> ShowS
[RetireGrant] -> ShowS
RetireGrant -> String
(Int -> RetireGrant -> ShowS)
-> (RetireGrant -> String)
-> ([RetireGrant] -> ShowS)
-> Show RetireGrant
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [RetireGrant] -> ShowS
$cshowList :: [RetireGrant] -> ShowS
show :: RetireGrant -> String
$cshow :: RetireGrant -> String
showsPrec :: Int -> RetireGrant -> ShowS
$cshowsPrec :: Int -> RetireGrant -> ShowS
Prelude.Show, (forall x. RetireGrant -> Rep RetireGrant x)
-> (forall x. Rep RetireGrant x -> RetireGrant)
-> Generic RetireGrant
forall x. Rep RetireGrant x -> RetireGrant
forall x. RetireGrant -> Rep RetireGrant x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x. Rep RetireGrant x -> RetireGrant
$cfrom :: forall x. RetireGrant -> Rep RetireGrant x
Prelude.Generic)

-- |
-- Create a value of 'RetireGrant' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'keyId', 'retireGrant_keyId' - The key ARN KMS key associated with the grant. To find the key ARN, use
-- the ListKeys operation.
--
-- For example:
-- @arn:aws:kms:us-east-2:444455556666:key\/1234abcd-12ab-34cd-56ef-1234567890ab@
--
-- 'grantId', 'retireGrant_grantId' - Identifies the grant to retire. To get the grant ID, use CreateGrant,
-- ListGrants, or ListRetirableGrants.
--
-- -   Grant ID Example -
--     0123456789012345678901234567890123456789012345678901234567890123
--
-- 'grantToken', 'retireGrant_grantToken' - Identifies the grant to be retired. You can use a grant token to
-- identify a new grant even before it has achieved eventual consistency.
--
-- Only the CreateGrant operation returns a grant token. For details, see
-- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token Grant token>
-- and
-- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#terms-eventual-consistency Eventual consistency>
-- in the /Key Management Service Developer Guide/.
newRetireGrant ::
  RetireGrant
newRetireGrant :: RetireGrant
newRetireGrant =
  RetireGrant' :: Maybe Text -> Maybe Text -> Maybe Text -> RetireGrant
RetireGrant'
    { $sel:keyId:RetireGrant' :: Maybe Text
keyId = Maybe Text
forall a. Maybe a
Prelude.Nothing,
      $sel:grantId:RetireGrant' :: Maybe Text
grantId = Maybe Text
forall a. Maybe a
Prelude.Nothing,
      $sel:grantToken:RetireGrant' :: Maybe Text
grantToken = Maybe Text
forall a. Maybe a
Prelude.Nothing
    }

-- | The key ARN KMS key associated with the grant. To find the key ARN, use
-- the ListKeys operation.
--
-- For example:
-- @arn:aws:kms:us-east-2:444455556666:key\/1234abcd-12ab-34cd-56ef-1234567890ab@
retireGrant_keyId :: Lens.Lens' RetireGrant (Prelude.Maybe Prelude.Text)
retireGrant_keyId :: (Maybe Text -> f (Maybe Text)) -> RetireGrant -> f RetireGrant
retireGrant_keyId = (RetireGrant -> Maybe Text)
-> (RetireGrant -> Maybe Text -> RetireGrant)
-> Lens RetireGrant RetireGrant (Maybe Text) (Maybe Text)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\RetireGrant' {Maybe Text
keyId :: Maybe Text
$sel:keyId:RetireGrant' :: RetireGrant -> Maybe Text
keyId} -> Maybe Text
keyId) (\s :: RetireGrant
s@RetireGrant' {} Maybe Text
a -> RetireGrant
s {$sel:keyId:RetireGrant' :: Maybe Text
keyId = Maybe Text
a} :: RetireGrant)

-- | Identifies the grant to retire. To get the grant ID, use CreateGrant,
-- ListGrants, or ListRetirableGrants.
--
-- -   Grant ID Example -
--     0123456789012345678901234567890123456789012345678901234567890123
retireGrant_grantId :: Lens.Lens' RetireGrant (Prelude.Maybe Prelude.Text)
retireGrant_grantId :: (Maybe Text -> f (Maybe Text)) -> RetireGrant -> f RetireGrant
retireGrant_grantId = (RetireGrant -> Maybe Text)
-> (RetireGrant -> Maybe Text -> RetireGrant)
-> Lens RetireGrant RetireGrant (Maybe Text) (Maybe Text)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\RetireGrant' {Maybe Text
grantId :: Maybe Text
$sel:grantId:RetireGrant' :: RetireGrant -> Maybe Text
grantId} -> Maybe Text
grantId) (\s :: RetireGrant
s@RetireGrant' {} Maybe Text
a -> RetireGrant
s {$sel:grantId:RetireGrant' :: Maybe Text
grantId = Maybe Text
a} :: RetireGrant)

-- | Identifies the grant to be retired. You can use a grant token to
-- identify a new grant even before it has achieved eventual consistency.
--
-- Only the CreateGrant operation returns a grant token. For details, see
-- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token Grant token>
-- and
-- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#terms-eventual-consistency Eventual consistency>
-- in the /Key Management Service Developer Guide/.
retireGrant_grantToken :: Lens.Lens' RetireGrant (Prelude.Maybe Prelude.Text)
retireGrant_grantToken :: (Maybe Text -> f (Maybe Text)) -> RetireGrant -> f RetireGrant
retireGrant_grantToken = (RetireGrant -> Maybe Text)
-> (RetireGrant -> Maybe Text -> RetireGrant)
-> Lens RetireGrant RetireGrant (Maybe Text) (Maybe Text)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\RetireGrant' {Maybe Text
grantToken :: Maybe Text
$sel:grantToken:RetireGrant' :: RetireGrant -> Maybe Text
grantToken} -> Maybe Text
grantToken) (\s :: RetireGrant
s@RetireGrant' {} Maybe Text
a -> RetireGrant
s {$sel:grantToken:RetireGrant' :: Maybe Text
grantToken = Maybe Text
a} :: RetireGrant)

instance Core.AWSRequest RetireGrant where
  type AWSResponse RetireGrant = RetireGrantResponse
  request :: RetireGrant -> Request RetireGrant
request = Service -> RetireGrant -> Request RetireGrant
forall a. (ToRequest a, ToJSON a) => Service -> a -> Request a
Request.postJSON Service
defaultService
  response :: Logger
-> Service
-> Proxy RetireGrant
-> ClientResponse ClientBody
-> m (Either Error (ClientResponse (AWSResponse RetireGrant)))
response = AWSResponse RetireGrant
-> Logger
-> Service
-> Proxy RetireGrant
-> ClientResponse ClientBody
-> m (Either Error (ClientResponse (AWSResponse RetireGrant)))
forall (m :: * -> *) a.
MonadResource m =>
AWSResponse a
-> Logger
-> Service
-> Proxy a
-> ClientResponse ClientBody
-> m (Either Error (ClientResponse (AWSResponse a)))
Response.receiveNull AWSResponse RetireGrant
RetireGrantResponse
RetireGrantResponse'

instance Prelude.Hashable RetireGrant

instance Prelude.NFData RetireGrant

instance Core.ToHeaders RetireGrant where
  toHeaders :: RetireGrant -> [Header]
toHeaders =
    [Header] -> RetireGrant -> [Header]
forall a b. a -> b -> a
Prelude.const
      ( [[Header]] -> [Header]
forall a. Monoid a => [a] -> a
Prelude.mconcat
          [ HeaderName
"X-Amz-Target"
              HeaderName -> ByteString -> [Header]
forall a. ToHeader a => HeaderName -> a -> [Header]
Core.=# (ByteString
"TrentService.RetireGrant" :: Prelude.ByteString),
            HeaderName
"Content-Type"
              HeaderName -> ByteString -> [Header]
forall a. ToHeader a => HeaderName -> a -> [Header]
Core.=# ( ByteString
"application/x-amz-json-1.1" ::
                          Prelude.ByteString
                      )
          ]
      )

instance Core.ToJSON RetireGrant where
  toJSON :: RetireGrant -> Value
toJSON RetireGrant' {Maybe Text
grantToken :: Maybe Text
grantId :: Maybe Text
keyId :: Maybe Text
$sel:grantToken:RetireGrant' :: RetireGrant -> Maybe Text
$sel:grantId:RetireGrant' :: RetireGrant -> Maybe Text
$sel:keyId:RetireGrant' :: RetireGrant -> Maybe Text
..} =
    [Pair] -> Value
Core.object
      ( [Maybe Pair] -> [Pair]
forall a. [Maybe a] -> [a]
Prelude.catMaybes
          [ (Text
"KeyId" Text -> Text -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..=) (Text -> Pair) -> Maybe Text -> Maybe Pair
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe Text
keyId,
            (Text
"GrantId" Text -> Text -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..=) (Text -> Pair) -> Maybe Text -> Maybe Pair
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe Text
grantId,
            (Text
"GrantToken" Text -> Text -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..=) (Text -> Pair) -> Maybe Text -> Maybe Pair
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe Text
grantToken
          ]
      )

instance Core.ToPath RetireGrant where
  toPath :: RetireGrant -> ByteString
toPath = ByteString -> RetireGrant -> ByteString
forall a b. a -> b -> a
Prelude.const ByteString
"/"

instance Core.ToQuery RetireGrant where
  toQuery :: RetireGrant -> QueryString
toQuery = QueryString -> RetireGrant -> QueryString
forall a b. a -> b -> a
Prelude.const QueryString
forall a. Monoid a => a
Prelude.mempty

-- | /See:/ 'newRetireGrantResponse' smart constructor.
data RetireGrantResponse = RetireGrantResponse'
  {
  }
  deriving (RetireGrantResponse -> RetireGrantResponse -> Bool
(RetireGrantResponse -> RetireGrantResponse -> Bool)
-> (RetireGrantResponse -> RetireGrantResponse -> Bool)
-> Eq RetireGrantResponse
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: RetireGrantResponse -> RetireGrantResponse -> Bool
$c/= :: RetireGrantResponse -> RetireGrantResponse -> Bool
== :: RetireGrantResponse -> RetireGrantResponse -> Bool
$c== :: RetireGrantResponse -> RetireGrantResponse -> Bool
Prelude.Eq, ReadPrec [RetireGrantResponse]
ReadPrec RetireGrantResponse
Int -> ReadS RetireGrantResponse
ReadS [RetireGrantResponse]
(Int -> ReadS RetireGrantResponse)
-> ReadS [RetireGrantResponse]
-> ReadPrec RetireGrantResponse
-> ReadPrec [RetireGrantResponse]
-> Read RetireGrantResponse
forall a.
(Int -> ReadS a)
-> ReadS [a] -> ReadPrec a -> ReadPrec [a] -> Read a
readListPrec :: ReadPrec [RetireGrantResponse]
$creadListPrec :: ReadPrec [RetireGrantResponse]
readPrec :: ReadPrec RetireGrantResponse
$creadPrec :: ReadPrec RetireGrantResponse
readList :: ReadS [RetireGrantResponse]
$creadList :: ReadS [RetireGrantResponse]
readsPrec :: Int -> ReadS RetireGrantResponse
$creadsPrec :: Int -> ReadS RetireGrantResponse
Prelude.Read, Int -> RetireGrantResponse -> ShowS
[RetireGrantResponse] -> ShowS
RetireGrantResponse -> String
(Int -> RetireGrantResponse -> ShowS)
-> (RetireGrantResponse -> String)
-> ([RetireGrantResponse] -> ShowS)
-> Show RetireGrantResponse
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [RetireGrantResponse] -> ShowS
$cshowList :: [RetireGrantResponse] -> ShowS
show :: RetireGrantResponse -> String
$cshow :: RetireGrantResponse -> String
showsPrec :: Int -> RetireGrantResponse -> ShowS
$cshowsPrec :: Int -> RetireGrantResponse -> ShowS
Prelude.Show, (forall x. RetireGrantResponse -> Rep RetireGrantResponse x)
-> (forall x. Rep RetireGrantResponse x -> RetireGrantResponse)
-> Generic RetireGrantResponse
forall x. Rep RetireGrantResponse x -> RetireGrantResponse
forall x. RetireGrantResponse -> Rep RetireGrantResponse x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x. Rep RetireGrantResponse x -> RetireGrantResponse
$cfrom :: forall x. RetireGrantResponse -> Rep RetireGrantResponse x
Prelude.Generic)

-- |
-- Create a value of 'RetireGrantResponse' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
newRetireGrantResponse ::
  RetireGrantResponse
newRetireGrantResponse :: RetireGrantResponse
newRetireGrantResponse = RetireGrantResponse
RetireGrantResponse'

instance Prelude.NFData RetireGrantResponse