{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE TypeFamilies #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-binds #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.KMS.RevokeGrant
-- Copyright   : (c) 2013-2021 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
--
-- Deletes the specified grant. You revoke a grant to terminate the
-- permissions that the grant allows. For more information, see
-- <https://docs.aws.amazon.com/kms/latest/developerguide/managing-grants.html#grant-delete Retiring and revoking grants>
-- in the //Key Management Service Developer Guide// .
--
-- When you create, retire, or revoke a grant, there might be a brief
-- delay, usually less than five minutes, until the grant is available
-- throughout KMS. This state is known as /eventual consistency/. For
-- details, see
-- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#terms-eventual-consistency Eventual consistency>
-- in the //Key Management Service Developer Guide// .
--
-- For detailed information about grants, including grant terminology, see
-- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html Using grants>
-- in the //Key Management Service Developer Guide// . For examples of
-- working with grants in several programming languages, see
-- <https://docs.aws.amazon.com/kms/latest/developerguide/programming-grants.html Programming grants>.
--
-- __Cross-account use__: Yes. To perform this operation on a KMS key in a
-- different Amazon Web Services account, specify the key ARN in the value
-- of the @KeyId@ parameter.
--
-- __Required permissions__:
-- <https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html kms:RevokeGrant>
-- (key policy).
--
-- __Related operations:__
--
-- -   CreateGrant
--
-- -   ListGrants
--
-- -   ListRetirableGrants
--
-- -   RetireGrant
module Amazonka.KMS.RevokeGrant
  ( -- * Creating a Request
    RevokeGrant (..),
    newRevokeGrant,

    -- * Request Lenses
    revokeGrant_keyId,
    revokeGrant_grantId,

    -- * Destructuring the Response
    RevokeGrantResponse (..),
    newRevokeGrantResponse,
  )
where

import qualified Amazonka.Core as Core
import Amazonka.KMS.Types
import qualified Amazonka.Lens as Lens
import qualified Amazonka.Prelude as Prelude
import qualified Amazonka.Request as Request
import qualified Amazonka.Response as Response

-- | /See:/ 'newRevokeGrant' smart constructor.
data RevokeGrant = RevokeGrant'
  { -- | A unique identifier for the KMS key associated with the grant. To get
    -- the key ID and key ARN for a KMS key, use ListKeys or DescribeKey.
    --
    -- Specify the key ID or key ARN of the KMS key. To specify a KMS key in a
    -- different Amazon Web Services account, you must use the key ARN.
    --
    -- For example:
    --
    -- -   Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@
    --
    -- -   Key ARN:
    --     @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@
    --
    -- To get the key ID and key ARN for a KMS key, use ListKeys or
    -- DescribeKey.
    RevokeGrant -> Text
keyId :: Prelude.Text,
    -- | Identifies the grant to revoke. To get the grant ID, use CreateGrant,
    -- ListGrants, or ListRetirableGrants.
    RevokeGrant -> Text
grantId :: Prelude.Text
  }
  deriving (RevokeGrant -> RevokeGrant -> Bool
(RevokeGrant -> RevokeGrant -> Bool)
-> (RevokeGrant -> RevokeGrant -> Bool) -> Eq RevokeGrant
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: RevokeGrant -> RevokeGrant -> Bool
$c/= :: RevokeGrant -> RevokeGrant -> Bool
== :: RevokeGrant -> RevokeGrant -> Bool
$c== :: RevokeGrant -> RevokeGrant -> Bool
Prelude.Eq, ReadPrec [RevokeGrant]
ReadPrec RevokeGrant
Int -> ReadS RevokeGrant
ReadS [RevokeGrant]
(Int -> ReadS RevokeGrant)
-> ReadS [RevokeGrant]
-> ReadPrec RevokeGrant
-> ReadPrec [RevokeGrant]
-> Read RevokeGrant
forall a.
(Int -> ReadS a)
-> ReadS [a] -> ReadPrec a -> ReadPrec [a] -> Read a
readListPrec :: ReadPrec [RevokeGrant]
$creadListPrec :: ReadPrec [RevokeGrant]
readPrec :: ReadPrec RevokeGrant
$creadPrec :: ReadPrec RevokeGrant
readList :: ReadS [RevokeGrant]
$creadList :: ReadS [RevokeGrant]
readsPrec :: Int -> ReadS RevokeGrant
$creadsPrec :: Int -> ReadS RevokeGrant
Prelude.Read, Int -> RevokeGrant -> ShowS
[RevokeGrant] -> ShowS
RevokeGrant -> String
(Int -> RevokeGrant -> ShowS)
-> (RevokeGrant -> String)
-> ([RevokeGrant] -> ShowS)
-> Show RevokeGrant
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [RevokeGrant] -> ShowS
$cshowList :: [RevokeGrant] -> ShowS
show :: RevokeGrant -> String
$cshow :: RevokeGrant -> String
showsPrec :: Int -> RevokeGrant -> ShowS
$cshowsPrec :: Int -> RevokeGrant -> ShowS
Prelude.Show, (forall x. RevokeGrant -> Rep RevokeGrant x)
-> (forall x. Rep RevokeGrant x -> RevokeGrant)
-> Generic RevokeGrant
forall x. Rep RevokeGrant x -> RevokeGrant
forall x. RevokeGrant -> Rep RevokeGrant x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x. Rep RevokeGrant x -> RevokeGrant
$cfrom :: forall x. RevokeGrant -> Rep RevokeGrant x
Prelude.Generic)

-- |
-- Create a value of 'RevokeGrant' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'keyId', 'revokeGrant_keyId' - A unique identifier for the KMS key associated with the grant. To get
-- the key ID and key ARN for a KMS key, use ListKeys or DescribeKey.
--
-- Specify the key ID or key ARN of the KMS key. To specify a KMS key in a
-- different Amazon Web Services account, you must use the key ARN.
--
-- For example:
--
-- -   Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@
--
-- -   Key ARN:
--     @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@
--
-- To get the key ID and key ARN for a KMS key, use ListKeys or
-- DescribeKey.
--
-- 'grantId', 'revokeGrant_grantId' - Identifies the grant to revoke. To get the grant ID, use CreateGrant,
-- ListGrants, or ListRetirableGrants.
newRevokeGrant ::
  -- | 'keyId'
  Prelude.Text ->
  -- | 'grantId'
  Prelude.Text ->
  RevokeGrant
newRevokeGrant :: Text -> Text -> RevokeGrant
newRevokeGrant Text
pKeyId_ Text
pGrantId_ =
  RevokeGrant' :: Text -> Text -> RevokeGrant
RevokeGrant' {$sel:keyId:RevokeGrant' :: Text
keyId = Text
pKeyId_, $sel:grantId:RevokeGrant' :: Text
grantId = Text
pGrantId_}

-- | A unique identifier for the KMS key associated with the grant. To get
-- the key ID and key ARN for a KMS key, use ListKeys or DescribeKey.
--
-- Specify the key ID or key ARN of the KMS key. To specify a KMS key in a
-- different Amazon Web Services account, you must use the key ARN.
--
-- For example:
--
-- -   Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@
--
-- -   Key ARN:
--     @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@
--
-- To get the key ID and key ARN for a KMS key, use ListKeys or
-- DescribeKey.
revokeGrant_keyId :: Lens.Lens' RevokeGrant Prelude.Text
revokeGrant_keyId :: (Text -> f Text) -> RevokeGrant -> f RevokeGrant
revokeGrant_keyId = (RevokeGrant -> Text)
-> (RevokeGrant -> Text -> RevokeGrant)
-> Lens RevokeGrant RevokeGrant Text Text
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\RevokeGrant' {Text
keyId :: Text
$sel:keyId:RevokeGrant' :: RevokeGrant -> Text
keyId} -> Text
keyId) (\s :: RevokeGrant
s@RevokeGrant' {} Text
a -> RevokeGrant
s {$sel:keyId:RevokeGrant' :: Text
keyId = Text
a} :: RevokeGrant)

-- | Identifies the grant to revoke. To get the grant ID, use CreateGrant,
-- ListGrants, or ListRetirableGrants.
revokeGrant_grantId :: Lens.Lens' RevokeGrant Prelude.Text
revokeGrant_grantId :: (Text -> f Text) -> RevokeGrant -> f RevokeGrant
revokeGrant_grantId = (RevokeGrant -> Text)
-> (RevokeGrant -> Text -> RevokeGrant)
-> Lens RevokeGrant RevokeGrant Text Text
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\RevokeGrant' {Text
grantId :: Text
$sel:grantId:RevokeGrant' :: RevokeGrant -> Text
grantId} -> Text
grantId) (\s :: RevokeGrant
s@RevokeGrant' {} Text
a -> RevokeGrant
s {$sel:grantId:RevokeGrant' :: Text
grantId = Text
a} :: RevokeGrant)

instance Core.AWSRequest RevokeGrant where
  type AWSResponse RevokeGrant = RevokeGrantResponse
  request :: RevokeGrant -> Request RevokeGrant
request = Service -> RevokeGrant -> Request RevokeGrant
forall a. (ToRequest a, ToJSON a) => Service -> a -> Request a
Request.postJSON Service
defaultService
  response :: Logger
-> Service
-> Proxy RevokeGrant
-> ClientResponse ClientBody
-> m (Either Error (ClientResponse (AWSResponse RevokeGrant)))
response = AWSResponse RevokeGrant
-> Logger
-> Service
-> Proxy RevokeGrant
-> ClientResponse ClientBody
-> m (Either Error (ClientResponse (AWSResponse RevokeGrant)))
forall (m :: * -> *) a.
MonadResource m =>
AWSResponse a
-> Logger
-> Service
-> Proxy a
-> ClientResponse ClientBody
-> m (Either Error (ClientResponse (AWSResponse a)))
Response.receiveNull AWSResponse RevokeGrant
RevokeGrantResponse
RevokeGrantResponse'

instance Prelude.Hashable RevokeGrant

instance Prelude.NFData RevokeGrant

instance Core.ToHeaders RevokeGrant where
  toHeaders :: RevokeGrant -> [Header]
toHeaders =
    [Header] -> RevokeGrant -> [Header]
forall a b. a -> b -> a
Prelude.const
      ( [[Header]] -> [Header]
forall a. Monoid a => [a] -> a
Prelude.mconcat
          [ HeaderName
"X-Amz-Target"
              HeaderName -> ByteString -> [Header]
forall a. ToHeader a => HeaderName -> a -> [Header]
Core.=# (ByteString
"TrentService.RevokeGrant" :: Prelude.ByteString),
            HeaderName
"Content-Type"
              HeaderName -> ByteString -> [Header]
forall a. ToHeader a => HeaderName -> a -> [Header]
Core.=# ( ByteString
"application/x-amz-json-1.1" ::
                          Prelude.ByteString
                      )
          ]
      )

instance Core.ToJSON RevokeGrant where
  toJSON :: RevokeGrant -> Value
toJSON RevokeGrant' {Text
grantId :: Text
keyId :: Text
$sel:grantId:RevokeGrant' :: RevokeGrant -> Text
$sel:keyId:RevokeGrant' :: RevokeGrant -> Text
..} =
    [Pair] -> Value
Core.object
      ( [Maybe Pair] -> [Pair]
forall a. [Maybe a] -> [a]
Prelude.catMaybes
          [ Pair -> Maybe Pair
forall a. a -> Maybe a
Prelude.Just (Text
"KeyId" Text -> Text -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..= Text
keyId),
            Pair -> Maybe Pair
forall a. a -> Maybe a
Prelude.Just (Text
"GrantId" Text -> Text -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..= Text
grantId)
          ]
      )

instance Core.ToPath RevokeGrant where
  toPath :: RevokeGrant -> ByteString
toPath = ByteString -> RevokeGrant -> ByteString
forall a b. a -> b -> a
Prelude.const ByteString
"/"

instance Core.ToQuery RevokeGrant where
  toQuery :: RevokeGrant -> QueryString
toQuery = QueryString -> RevokeGrant -> QueryString
forall a b. a -> b -> a
Prelude.const QueryString
forall a. Monoid a => a
Prelude.mempty

-- | /See:/ 'newRevokeGrantResponse' smart constructor.
data RevokeGrantResponse = RevokeGrantResponse'
  {
  }
  deriving (RevokeGrantResponse -> RevokeGrantResponse -> Bool
(RevokeGrantResponse -> RevokeGrantResponse -> Bool)
-> (RevokeGrantResponse -> RevokeGrantResponse -> Bool)
-> Eq RevokeGrantResponse
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: RevokeGrantResponse -> RevokeGrantResponse -> Bool
$c/= :: RevokeGrantResponse -> RevokeGrantResponse -> Bool
== :: RevokeGrantResponse -> RevokeGrantResponse -> Bool
$c== :: RevokeGrantResponse -> RevokeGrantResponse -> Bool
Prelude.Eq, ReadPrec [RevokeGrantResponse]
ReadPrec RevokeGrantResponse
Int -> ReadS RevokeGrantResponse
ReadS [RevokeGrantResponse]
(Int -> ReadS RevokeGrantResponse)
-> ReadS [RevokeGrantResponse]
-> ReadPrec RevokeGrantResponse
-> ReadPrec [RevokeGrantResponse]
-> Read RevokeGrantResponse
forall a.
(Int -> ReadS a)
-> ReadS [a] -> ReadPrec a -> ReadPrec [a] -> Read a
readListPrec :: ReadPrec [RevokeGrantResponse]
$creadListPrec :: ReadPrec [RevokeGrantResponse]
readPrec :: ReadPrec RevokeGrantResponse
$creadPrec :: ReadPrec RevokeGrantResponse
readList :: ReadS [RevokeGrantResponse]
$creadList :: ReadS [RevokeGrantResponse]
readsPrec :: Int -> ReadS RevokeGrantResponse
$creadsPrec :: Int -> ReadS RevokeGrantResponse
Prelude.Read, Int -> RevokeGrantResponse -> ShowS
[RevokeGrantResponse] -> ShowS
RevokeGrantResponse -> String
(Int -> RevokeGrantResponse -> ShowS)
-> (RevokeGrantResponse -> String)
-> ([RevokeGrantResponse] -> ShowS)
-> Show RevokeGrantResponse
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [RevokeGrantResponse] -> ShowS
$cshowList :: [RevokeGrantResponse] -> ShowS
show :: RevokeGrantResponse -> String
$cshow :: RevokeGrantResponse -> String
showsPrec :: Int -> RevokeGrantResponse -> ShowS
$cshowsPrec :: Int -> RevokeGrantResponse -> ShowS
Prelude.Show, (forall x. RevokeGrantResponse -> Rep RevokeGrantResponse x)
-> (forall x. Rep RevokeGrantResponse x -> RevokeGrantResponse)
-> Generic RevokeGrantResponse
forall x. Rep RevokeGrantResponse x -> RevokeGrantResponse
forall x. RevokeGrantResponse -> Rep RevokeGrantResponse x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x. Rep RevokeGrantResponse x -> RevokeGrantResponse
$cfrom :: forall x. RevokeGrantResponse -> Rep RevokeGrantResponse x
Prelude.Generic)

-- |
-- Create a value of 'RevokeGrantResponse' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
newRevokeGrantResponse ::
  RevokeGrantResponse
newRevokeGrantResponse :: RevokeGrantResponse
newRevokeGrantResponse = RevokeGrantResponse
RevokeGrantResponse'

instance Prelude.NFData RevokeGrantResponse