{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE TypeFamilies #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-binds #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.KMS.UpdatePrimaryRegion
-- Copyright   : (c) 2013-2021 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
--
-- Changes the primary key of a multi-Region key.
--
-- This operation changes the replica key in the specified Region to a
-- primary key and changes the former primary key to a replica key. For
-- example, suppose you have a primary key in @us-east-1@ and a replica key
-- in @eu-west-2@. If you run @UpdatePrimaryRegion@ with a @PrimaryRegion@
-- value of @eu-west-2@, the primary key is now the key in @eu-west-2@, and
-- the key in @us-east-1@ becomes a replica key. For details, see
-- <https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-update Updating the primary Region>
-- in the /Key Management Service Developer Guide/.
--
-- This operation supports /multi-Region keys/, an KMS feature that lets
-- you create multiple interoperable KMS keys in different Amazon Web
-- Services Regions. Because these KMS keys have the same key ID, key
-- material, and other metadata, you can use them interchangeably to
-- encrypt data in one Amazon Web Services Region and decrypt it in a
-- different Amazon Web Services Region without re-encrypting the data or
-- making a cross-Region call. For more information about multi-Region
-- keys, see
-- <https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html Using multi-Region keys>
-- in the /Key Management Service Developer Guide/.
--
-- The /primary key/ of a multi-Region key is the source for properties
-- that are always shared by primary and replica keys, including the key
-- material,
-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-id key ID>,
-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-spec key spec>,
-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-usage key usage>,
-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-origin key material origin>,
-- and
-- <https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html automatic key rotation>.
-- It\'s the only key that can be replicated. You cannot
-- <https://docs.aws.amazon.com/kms/latest/APIReference/API_ScheduleKeyDeletion.html delete the primary key>
-- until all replica keys are deleted.
--
-- The key ID and primary Region that you specify uniquely identify the
-- replica key that will become the primary key. The primary Region must
-- already have a replica key. This operation does not create a KMS key in
-- the specified Region. To find the replica keys, use the DescribeKey
-- operation on the primary key or any replica key. To create a replica
-- key, use the ReplicateKey operation.
--
-- You can run this operation while using the affected multi-Region keys in
-- cryptographic operations. This operation should not delay, interrupt, or
-- cause failures in cryptographic operations.
--
-- Even after this operation completes, the process of updating the primary
-- Region might still be in progress for a few more seconds. Operations
-- such as @DescribeKey@ might display both the old and new primary keys as
-- replicas. The old and new primary keys have a transient key state of
-- @Updating@. The original key state is restored when the update is
-- complete. While the key state is @Updating@, you can use the keys in
-- cryptographic operations, but you cannot replicate the new primary key
-- or perform certain management operations, such as enabling or disabling
-- these keys. For details about the @Updating@ key state, see
-- <kms/latest/developerguide/key-state.html Key state: Effect on your KMS key>
-- in the /Key Management Service Developer Guide/.
--
-- This operation does not return any output. To verify that primary key is
-- changed, use the DescribeKey operation.
--
-- __Cross-account use__: No. You cannot use this operation in a different
-- Amazon Web Services account.
--
-- __Required permissions__:
--
-- -   @kms:UpdatePrimaryRegion@ on the current primary key (in the primary
--     key\'s Region). Include this permission primary key\'s key policy.
--
-- -   @kms:UpdatePrimaryRegion@ on the current replica key (in the replica
--     key\'s Region). Include this permission in the replica key\'s key
--     policy.
--
-- __Related operations__
--
-- -   CreateKey
--
-- -   ReplicateKey
module Amazonka.KMS.UpdatePrimaryRegion
  ( -- * Creating a Request
    UpdatePrimaryRegion (..),
    newUpdatePrimaryRegion,

    -- * Request Lenses
    updatePrimaryRegion_keyId,
    updatePrimaryRegion_primaryRegion,

    -- * Destructuring the Response
    UpdatePrimaryRegionResponse (..),
    newUpdatePrimaryRegionResponse,
  )
where

import qualified Amazonka.Core as Core
import Amazonka.KMS.Types
import qualified Amazonka.Lens as Lens
import qualified Amazonka.Prelude as Prelude
import qualified Amazonka.Request as Request
import qualified Amazonka.Response as Response

-- | /See:/ 'newUpdatePrimaryRegion' smart constructor.
data UpdatePrimaryRegion = UpdatePrimaryRegion'
  { -- | Identifies the current primary key. When the operation completes, this
    -- KMS key will be a replica key.
    --
    -- Specify the key ID or key ARN of a multi-Region primary key.
    --
    -- For example:
    --
    -- -   Key ID: @mrk-1234abcd12ab34cd56ef1234567890ab@
    --
    -- -   Key ARN:
    --     @arn:aws:kms:us-east-2:111122223333:key\/mrk-1234abcd12ab34cd56ef1234567890ab@
    --
    -- To get the key ID and key ARN for a KMS key, use ListKeys or
    -- DescribeKey.
    UpdatePrimaryRegion -> Text
keyId :: Prelude.Text,
    -- | The Amazon Web Services Region of the new primary key. Enter the Region
    -- ID, such as @us-east-1@ or @ap-southeast-2@. There must be an existing
    -- replica key in this Region.
    --
    -- When the operation completes, the multi-Region key in this Region will
    -- be the primary key.
    UpdatePrimaryRegion -> Text
primaryRegion :: Prelude.Text
  }
  deriving (UpdatePrimaryRegion -> UpdatePrimaryRegion -> Bool
(UpdatePrimaryRegion -> UpdatePrimaryRegion -> Bool)
-> (UpdatePrimaryRegion -> UpdatePrimaryRegion -> Bool)
-> Eq UpdatePrimaryRegion
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: UpdatePrimaryRegion -> UpdatePrimaryRegion -> Bool
$c/= :: UpdatePrimaryRegion -> UpdatePrimaryRegion -> Bool
== :: UpdatePrimaryRegion -> UpdatePrimaryRegion -> Bool
$c== :: UpdatePrimaryRegion -> UpdatePrimaryRegion -> Bool
Prelude.Eq, ReadPrec [UpdatePrimaryRegion]
ReadPrec UpdatePrimaryRegion
Int -> ReadS UpdatePrimaryRegion
ReadS [UpdatePrimaryRegion]
(Int -> ReadS UpdatePrimaryRegion)
-> ReadS [UpdatePrimaryRegion]
-> ReadPrec UpdatePrimaryRegion
-> ReadPrec [UpdatePrimaryRegion]
-> Read UpdatePrimaryRegion
forall a.
(Int -> ReadS a)
-> ReadS [a] -> ReadPrec a -> ReadPrec [a] -> Read a
readListPrec :: ReadPrec [UpdatePrimaryRegion]
$creadListPrec :: ReadPrec [UpdatePrimaryRegion]
readPrec :: ReadPrec UpdatePrimaryRegion
$creadPrec :: ReadPrec UpdatePrimaryRegion
readList :: ReadS [UpdatePrimaryRegion]
$creadList :: ReadS [UpdatePrimaryRegion]
readsPrec :: Int -> ReadS UpdatePrimaryRegion
$creadsPrec :: Int -> ReadS UpdatePrimaryRegion
Prelude.Read, Int -> UpdatePrimaryRegion -> ShowS
[UpdatePrimaryRegion] -> ShowS
UpdatePrimaryRegion -> String
(Int -> UpdatePrimaryRegion -> ShowS)
-> (UpdatePrimaryRegion -> String)
-> ([UpdatePrimaryRegion] -> ShowS)
-> Show UpdatePrimaryRegion
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [UpdatePrimaryRegion] -> ShowS
$cshowList :: [UpdatePrimaryRegion] -> ShowS
show :: UpdatePrimaryRegion -> String
$cshow :: UpdatePrimaryRegion -> String
showsPrec :: Int -> UpdatePrimaryRegion -> ShowS
$cshowsPrec :: Int -> UpdatePrimaryRegion -> ShowS
Prelude.Show, (forall x. UpdatePrimaryRegion -> Rep UpdatePrimaryRegion x)
-> (forall x. Rep UpdatePrimaryRegion x -> UpdatePrimaryRegion)
-> Generic UpdatePrimaryRegion
forall x. Rep UpdatePrimaryRegion x -> UpdatePrimaryRegion
forall x. UpdatePrimaryRegion -> Rep UpdatePrimaryRegion x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x. Rep UpdatePrimaryRegion x -> UpdatePrimaryRegion
$cfrom :: forall x. UpdatePrimaryRegion -> Rep UpdatePrimaryRegion x
Prelude.Generic)

-- |
-- Create a value of 'UpdatePrimaryRegion' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'keyId', 'updatePrimaryRegion_keyId' - Identifies the current primary key. When the operation completes, this
-- KMS key will be a replica key.
--
-- Specify the key ID or key ARN of a multi-Region primary key.
--
-- For example:
--
-- -   Key ID: @mrk-1234abcd12ab34cd56ef1234567890ab@
--
-- -   Key ARN:
--     @arn:aws:kms:us-east-2:111122223333:key\/mrk-1234abcd12ab34cd56ef1234567890ab@
--
-- To get the key ID and key ARN for a KMS key, use ListKeys or
-- DescribeKey.
--
-- 'primaryRegion', 'updatePrimaryRegion_primaryRegion' - The Amazon Web Services Region of the new primary key. Enter the Region
-- ID, such as @us-east-1@ or @ap-southeast-2@. There must be an existing
-- replica key in this Region.
--
-- When the operation completes, the multi-Region key in this Region will
-- be the primary key.
newUpdatePrimaryRegion ::
  -- | 'keyId'
  Prelude.Text ->
  -- | 'primaryRegion'
  Prelude.Text ->
  UpdatePrimaryRegion
newUpdatePrimaryRegion :: Text -> Text -> UpdatePrimaryRegion
newUpdatePrimaryRegion Text
pKeyId_ Text
pPrimaryRegion_ =
  UpdatePrimaryRegion' :: Text -> Text -> UpdatePrimaryRegion
UpdatePrimaryRegion'
    { $sel:keyId:UpdatePrimaryRegion' :: Text
keyId = Text
pKeyId_,
      $sel:primaryRegion:UpdatePrimaryRegion' :: Text
primaryRegion = Text
pPrimaryRegion_
    }

-- | Identifies the current primary key. When the operation completes, this
-- KMS key will be a replica key.
--
-- Specify the key ID or key ARN of a multi-Region primary key.
--
-- For example:
--
-- -   Key ID: @mrk-1234abcd12ab34cd56ef1234567890ab@
--
-- -   Key ARN:
--     @arn:aws:kms:us-east-2:111122223333:key\/mrk-1234abcd12ab34cd56ef1234567890ab@
--
-- To get the key ID and key ARN for a KMS key, use ListKeys or
-- DescribeKey.
updatePrimaryRegion_keyId :: Lens.Lens' UpdatePrimaryRegion Prelude.Text
updatePrimaryRegion_keyId :: (Text -> f Text) -> UpdatePrimaryRegion -> f UpdatePrimaryRegion
updatePrimaryRegion_keyId = (UpdatePrimaryRegion -> Text)
-> (UpdatePrimaryRegion -> Text -> UpdatePrimaryRegion)
-> Lens UpdatePrimaryRegion UpdatePrimaryRegion Text Text
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\UpdatePrimaryRegion' {Text
keyId :: Text
$sel:keyId:UpdatePrimaryRegion' :: UpdatePrimaryRegion -> Text
keyId} -> Text
keyId) (\s :: UpdatePrimaryRegion
s@UpdatePrimaryRegion' {} Text
a -> UpdatePrimaryRegion
s {$sel:keyId:UpdatePrimaryRegion' :: Text
keyId = Text
a} :: UpdatePrimaryRegion)

-- | The Amazon Web Services Region of the new primary key. Enter the Region
-- ID, such as @us-east-1@ or @ap-southeast-2@. There must be an existing
-- replica key in this Region.
--
-- When the operation completes, the multi-Region key in this Region will
-- be the primary key.
updatePrimaryRegion_primaryRegion :: Lens.Lens' UpdatePrimaryRegion Prelude.Text
updatePrimaryRegion_primaryRegion :: (Text -> f Text) -> UpdatePrimaryRegion -> f UpdatePrimaryRegion
updatePrimaryRegion_primaryRegion = (UpdatePrimaryRegion -> Text)
-> (UpdatePrimaryRegion -> Text -> UpdatePrimaryRegion)
-> Lens UpdatePrimaryRegion UpdatePrimaryRegion Text Text
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\UpdatePrimaryRegion' {Text
primaryRegion :: Text
$sel:primaryRegion:UpdatePrimaryRegion' :: UpdatePrimaryRegion -> Text
primaryRegion} -> Text
primaryRegion) (\s :: UpdatePrimaryRegion
s@UpdatePrimaryRegion' {} Text
a -> UpdatePrimaryRegion
s {$sel:primaryRegion:UpdatePrimaryRegion' :: Text
primaryRegion = Text
a} :: UpdatePrimaryRegion)

instance Core.AWSRequest UpdatePrimaryRegion where
  type
    AWSResponse UpdatePrimaryRegion =
      UpdatePrimaryRegionResponse
  request :: UpdatePrimaryRegion -> Request UpdatePrimaryRegion
request = Service -> UpdatePrimaryRegion -> Request UpdatePrimaryRegion
forall a. (ToRequest a, ToJSON a) => Service -> a -> Request a
Request.postJSON Service
defaultService
  response :: Logger
-> Service
-> Proxy UpdatePrimaryRegion
-> ClientResponse ClientBody
-> m (Either
        Error (ClientResponse (AWSResponse UpdatePrimaryRegion)))
response =
    AWSResponse UpdatePrimaryRegion
-> Logger
-> Service
-> Proxy UpdatePrimaryRegion
-> ClientResponse ClientBody
-> m (Either
        Error (ClientResponse (AWSResponse UpdatePrimaryRegion)))
forall (m :: * -> *) a.
MonadResource m =>
AWSResponse a
-> Logger
-> Service
-> Proxy a
-> ClientResponse ClientBody
-> m (Either Error (ClientResponse (AWSResponse a)))
Response.receiveNull AWSResponse UpdatePrimaryRegion
UpdatePrimaryRegionResponse
UpdatePrimaryRegionResponse'

instance Prelude.Hashable UpdatePrimaryRegion

instance Prelude.NFData UpdatePrimaryRegion

instance Core.ToHeaders UpdatePrimaryRegion where
  toHeaders :: UpdatePrimaryRegion -> [Header]
toHeaders =
    [Header] -> UpdatePrimaryRegion -> [Header]
forall a b. a -> b -> a
Prelude.const
      ( [[Header]] -> [Header]
forall a. Monoid a => [a] -> a
Prelude.mconcat
          [ HeaderName
"X-Amz-Target"
              HeaderName -> ByteString -> [Header]
forall a. ToHeader a => HeaderName -> a -> [Header]
Core.=# ( ByteString
"TrentService.UpdatePrimaryRegion" ::
                          Prelude.ByteString
                      ),
            HeaderName
"Content-Type"
              HeaderName -> ByteString -> [Header]
forall a. ToHeader a => HeaderName -> a -> [Header]
Core.=# ( ByteString
"application/x-amz-json-1.1" ::
                          Prelude.ByteString
                      )
          ]
      )

instance Core.ToJSON UpdatePrimaryRegion where
  toJSON :: UpdatePrimaryRegion -> Value
toJSON UpdatePrimaryRegion' {Text
primaryRegion :: Text
keyId :: Text
$sel:primaryRegion:UpdatePrimaryRegion' :: UpdatePrimaryRegion -> Text
$sel:keyId:UpdatePrimaryRegion' :: UpdatePrimaryRegion -> Text
..} =
    [Pair] -> Value
Core.object
      ( [Maybe Pair] -> [Pair]
forall a. [Maybe a] -> [a]
Prelude.catMaybes
          [ Pair -> Maybe Pair
forall a. a -> Maybe a
Prelude.Just (Text
"KeyId" Text -> Text -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..= Text
keyId),
            Pair -> Maybe Pair
forall a. a -> Maybe a
Prelude.Just
              (Text
"PrimaryRegion" Text -> Text -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..= Text
primaryRegion)
          ]
      )

instance Core.ToPath UpdatePrimaryRegion where
  toPath :: UpdatePrimaryRegion -> ByteString
toPath = ByteString -> UpdatePrimaryRegion -> ByteString
forall a b. a -> b -> a
Prelude.const ByteString
"/"

instance Core.ToQuery UpdatePrimaryRegion where
  toQuery :: UpdatePrimaryRegion -> QueryString
toQuery = QueryString -> UpdatePrimaryRegion -> QueryString
forall a b. a -> b -> a
Prelude.const QueryString
forall a. Monoid a => a
Prelude.mempty

-- | /See:/ 'newUpdatePrimaryRegionResponse' smart constructor.
data UpdatePrimaryRegionResponse = UpdatePrimaryRegionResponse'
  {
  }
  deriving (UpdatePrimaryRegionResponse -> UpdatePrimaryRegionResponse -> Bool
(UpdatePrimaryRegionResponse
 -> UpdatePrimaryRegionResponse -> Bool)
-> (UpdatePrimaryRegionResponse
    -> UpdatePrimaryRegionResponse -> Bool)
-> Eq UpdatePrimaryRegionResponse
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: UpdatePrimaryRegionResponse -> UpdatePrimaryRegionResponse -> Bool
$c/= :: UpdatePrimaryRegionResponse -> UpdatePrimaryRegionResponse -> Bool
== :: UpdatePrimaryRegionResponse -> UpdatePrimaryRegionResponse -> Bool
$c== :: UpdatePrimaryRegionResponse -> UpdatePrimaryRegionResponse -> Bool
Prelude.Eq, ReadPrec [UpdatePrimaryRegionResponse]
ReadPrec UpdatePrimaryRegionResponse
Int -> ReadS UpdatePrimaryRegionResponse
ReadS [UpdatePrimaryRegionResponse]
(Int -> ReadS UpdatePrimaryRegionResponse)
-> ReadS [UpdatePrimaryRegionResponse]
-> ReadPrec UpdatePrimaryRegionResponse
-> ReadPrec [UpdatePrimaryRegionResponse]
-> Read UpdatePrimaryRegionResponse
forall a.
(Int -> ReadS a)
-> ReadS [a] -> ReadPrec a -> ReadPrec [a] -> Read a
readListPrec :: ReadPrec [UpdatePrimaryRegionResponse]
$creadListPrec :: ReadPrec [UpdatePrimaryRegionResponse]
readPrec :: ReadPrec UpdatePrimaryRegionResponse
$creadPrec :: ReadPrec UpdatePrimaryRegionResponse
readList :: ReadS [UpdatePrimaryRegionResponse]
$creadList :: ReadS [UpdatePrimaryRegionResponse]
readsPrec :: Int -> ReadS UpdatePrimaryRegionResponse
$creadsPrec :: Int -> ReadS UpdatePrimaryRegionResponse
Prelude.Read, Int -> UpdatePrimaryRegionResponse -> ShowS
[UpdatePrimaryRegionResponse] -> ShowS
UpdatePrimaryRegionResponse -> String
(Int -> UpdatePrimaryRegionResponse -> ShowS)
-> (UpdatePrimaryRegionResponse -> String)
-> ([UpdatePrimaryRegionResponse] -> ShowS)
-> Show UpdatePrimaryRegionResponse
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [UpdatePrimaryRegionResponse] -> ShowS
$cshowList :: [UpdatePrimaryRegionResponse] -> ShowS
show :: UpdatePrimaryRegionResponse -> String
$cshow :: UpdatePrimaryRegionResponse -> String
showsPrec :: Int -> UpdatePrimaryRegionResponse -> ShowS
$cshowsPrec :: Int -> UpdatePrimaryRegionResponse -> ShowS
Prelude.Show, (forall x.
 UpdatePrimaryRegionResponse -> Rep UpdatePrimaryRegionResponse x)
-> (forall x.
    Rep UpdatePrimaryRegionResponse x -> UpdatePrimaryRegionResponse)
-> Generic UpdatePrimaryRegionResponse
forall x.
Rep UpdatePrimaryRegionResponse x -> UpdatePrimaryRegionResponse
forall x.
UpdatePrimaryRegionResponse -> Rep UpdatePrimaryRegionResponse x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x.
Rep UpdatePrimaryRegionResponse x -> UpdatePrimaryRegionResponse
$cfrom :: forall x.
UpdatePrimaryRegionResponse -> Rep UpdatePrimaryRegionResponse x
Prelude.Generic)

-- |
-- Create a value of 'UpdatePrimaryRegionResponse' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
newUpdatePrimaryRegionResponse ::
  UpdatePrimaryRegionResponse
newUpdatePrimaryRegionResponse :: UpdatePrimaryRegionResponse
newUpdatePrimaryRegionResponse =
  UpdatePrimaryRegionResponse
UpdatePrimaryRegionResponse'

instance Prelude.NFData UpdatePrimaryRegionResponse