{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.QLDB.Types.LedgerEncryptionDescription
-- Copyright   : (c) 2013-2021 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
module Amazonka.QLDB.Types.LedgerEncryptionDescription where

import qualified Amazonka.Core as Core
import qualified Amazonka.Lens as Lens
import qualified Amazonka.Prelude as Prelude
import Amazonka.QLDB.Types.EncryptionStatus

-- | Information about the encryption of data at rest in an Amazon QLDB
-- ledger. This includes the current status, the key in Key Management
-- Service (KMS), and when the key became inaccessible (in the case of an
-- error).
--
-- For more information, see
-- <https://docs.aws.amazon.com/qldb/latest/developerguide/encryption-at-rest.html Encryption at rest>
-- in the /Amazon QLDB Developer Guide/.
--
-- /See:/ 'newLedgerEncryptionDescription' smart constructor.
data LedgerEncryptionDescription = LedgerEncryptionDescription'
  { -- | The date and time, in epoch time format, when the KMS key first became
    -- inaccessible, in the case of an error. (Epoch time format is the number
    -- of seconds that have elapsed since 12:00:00 AM January 1, 1970 UTC.)
    --
    -- This parameter is undefined if the KMS key is accessible.
    LedgerEncryptionDescription -> Maybe POSIX
inaccessibleKmsKeyDateTime :: Prelude.Maybe Core.POSIX,
    -- | The Amazon Resource Name (ARN) of the customer managed KMS key that the
    -- ledger uses for encryption at rest. If this parameter is undefined, the
    -- ledger uses an Amazon Web Services owned KMS key for encryption.
    LedgerEncryptionDescription -> Text
kmsKeyArn :: Prelude.Text,
    -- | The current state of encryption at rest for the ledger. This can be one
    -- of the following values:
    --
    -- -   @ENABLED@: Encryption is fully enabled using the specified key.
    --
    -- -   @UPDATING@: The ledger is actively processing the specified key
    --     change.
    --
    --     Key changes in QLDB are asynchronous. The ledger is fully accessible
    --     without any performance impact while the key change is being
    --     processed. The amount of time it takes to update a key varies
    --     depending on the ledger size.
    --
    -- -   @KMS_KEY_INACCESSIBLE@: The specified customer managed KMS key is
    --     not accessible, and the ledger is impaired. Either the key was
    --     disabled or deleted, or the grants on the key were revoked. When a
    --     ledger is impaired, it is not accessible and does not accept any
    --     read or write requests.
    --
    --     An impaired ledger automatically returns to an active state after
    --     you restore the grants on the key, or re-enable the key that was
    --     disabled. However, deleting a customer managed KMS key is
    --     irreversible. After a key is deleted, you can no longer access the
    --     ledgers that are protected with that key, and the data becomes
    --     unrecoverable permanently.
    LedgerEncryptionDescription -> EncryptionStatus
encryptionStatus :: EncryptionStatus
  }
  deriving (LedgerEncryptionDescription -> LedgerEncryptionDescription -> Bool
(LedgerEncryptionDescription
 -> LedgerEncryptionDescription -> Bool)
-> (LedgerEncryptionDescription
    -> LedgerEncryptionDescription -> Bool)
-> Eq LedgerEncryptionDescription
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: LedgerEncryptionDescription -> LedgerEncryptionDescription -> Bool
$c/= :: LedgerEncryptionDescription -> LedgerEncryptionDescription -> Bool
== :: LedgerEncryptionDescription -> LedgerEncryptionDescription -> Bool
$c== :: LedgerEncryptionDescription -> LedgerEncryptionDescription -> Bool
Prelude.Eq, ReadPrec [LedgerEncryptionDescription]
ReadPrec LedgerEncryptionDescription
Int -> ReadS LedgerEncryptionDescription
ReadS [LedgerEncryptionDescription]
(Int -> ReadS LedgerEncryptionDescription)
-> ReadS [LedgerEncryptionDescription]
-> ReadPrec LedgerEncryptionDescription
-> ReadPrec [LedgerEncryptionDescription]
-> Read LedgerEncryptionDescription
forall a.
(Int -> ReadS a)
-> ReadS [a] -> ReadPrec a -> ReadPrec [a] -> Read a
readListPrec :: ReadPrec [LedgerEncryptionDescription]
$creadListPrec :: ReadPrec [LedgerEncryptionDescription]
readPrec :: ReadPrec LedgerEncryptionDescription
$creadPrec :: ReadPrec LedgerEncryptionDescription
readList :: ReadS [LedgerEncryptionDescription]
$creadList :: ReadS [LedgerEncryptionDescription]
readsPrec :: Int -> ReadS LedgerEncryptionDescription
$creadsPrec :: Int -> ReadS LedgerEncryptionDescription
Prelude.Read, Int -> LedgerEncryptionDescription -> ShowS
[LedgerEncryptionDescription] -> ShowS
LedgerEncryptionDescription -> String
(Int -> LedgerEncryptionDescription -> ShowS)
-> (LedgerEncryptionDescription -> String)
-> ([LedgerEncryptionDescription] -> ShowS)
-> Show LedgerEncryptionDescription
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [LedgerEncryptionDescription] -> ShowS
$cshowList :: [LedgerEncryptionDescription] -> ShowS
show :: LedgerEncryptionDescription -> String
$cshow :: LedgerEncryptionDescription -> String
showsPrec :: Int -> LedgerEncryptionDescription -> ShowS
$cshowsPrec :: Int -> LedgerEncryptionDescription -> ShowS
Prelude.Show, (forall x.
 LedgerEncryptionDescription -> Rep LedgerEncryptionDescription x)
-> (forall x.
    Rep LedgerEncryptionDescription x -> LedgerEncryptionDescription)
-> Generic LedgerEncryptionDescription
forall x.
Rep LedgerEncryptionDescription x -> LedgerEncryptionDescription
forall x.
LedgerEncryptionDescription -> Rep LedgerEncryptionDescription x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x.
Rep LedgerEncryptionDescription x -> LedgerEncryptionDescription
$cfrom :: forall x.
LedgerEncryptionDescription -> Rep LedgerEncryptionDescription x
Prelude.Generic)

-- |
-- Create a value of 'LedgerEncryptionDescription' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'inaccessibleKmsKeyDateTime', 'ledgerEncryptionDescription_inaccessibleKmsKeyDateTime' - The date and time, in epoch time format, when the KMS key first became
-- inaccessible, in the case of an error. (Epoch time format is the number
-- of seconds that have elapsed since 12:00:00 AM January 1, 1970 UTC.)
--
-- This parameter is undefined if the KMS key is accessible.
--
-- 'kmsKeyArn', 'ledgerEncryptionDescription_kmsKeyArn' - The Amazon Resource Name (ARN) of the customer managed KMS key that the
-- ledger uses for encryption at rest. If this parameter is undefined, the
-- ledger uses an Amazon Web Services owned KMS key for encryption.
--
-- 'encryptionStatus', 'ledgerEncryptionDescription_encryptionStatus' - The current state of encryption at rest for the ledger. This can be one
-- of the following values:
--
-- -   @ENABLED@: Encryption is fully enabled using the specified key.
--
-- -   @UPDATING@: The ledger is actively processing the specified key
--     change.
--
--     Key changes in QLDB are asynchronous. The ledger is fully accessible
--     without any performance impact while the key change is being
--     processed. The amount of time it takes to update a key varies
--     depending on the ledger size.
--
-- -   @KMS_KEY_INACCESSIBLE@: The specified customer managed KMS key is
--     not accessible, and the ledger is impaired. Either the key was
--     disabled or deleted, or the grants on the key were revoked. When a
--     ledger is impaired, it is not accessible and does not accept any
--     read or write requests.
--
--     An impaired ledger automatically returns to an active state after
--     you restore the grants on the key, or re-enable the key that was
--     disabled. However, deleting a customer managed KMS key is
--     irreversible. After a key is deleted, you can no longer access the
--     ledgers that are protected with that key, and the data becomes
--     unrecoverable permanently.
newLedgerEncryptionDescription ::
  -- | 'kmsKeyArn'
  Prelude.Text ->
  -- | 'encryptionStatus'
  EncryptionStatus ->
  LedgerEncryptionDescription
newLedgerEncryptionDescription :: Text -> EncryptionStatus -> LedgerEncryptionDescription
newLedgerEncryptionDescription
  Text
pKmsKeyArn_
  EncryptionStatus
pEncryptionStatus_ =
    LedgerEncryptionDescription' :: Maybe POSIX
-> Text -> EncryptionStatus -> LedgerEncryptionDescription
LedgerEncryptionDescription'
      { $sel:inaccessibleKmsKeyDateTime:LedgerEncryptionDescription' :: Maybe POSIX
inaccessibleKmsKeyDateTime =
          Maybe POSIX
forall a. Maybe a
Prelude.Nothing,
        $sel:kmsKeyArn:LedgerEncryptionDescription' :: Text
kmsKeyArn = Text
pKmsKeyArn_,
        $sel:encryptionStatus:LedgerEncryptionDescription' :: EncryptionStatus
encryptionStatus = EncryptionStatus
pEncryptionStatus_
      }

-- | The date and time, in epoch time format, when the KMS key first became
-- inaccessible, in the case of an error. (Epoch time format is the number
-- of seconds that have elapsed since 12:00:00 AM January 1, 1970 UTC.)
--
-- This parameter is undefined if the KMS key is accessible.
ledgerEncryptionDescription_inaccessibleKmsKeyDateTime :: Lens.Lens' LedgerEncryptionDescription (Prelude.Maybe Prelude.UTCTime)
ledgerEncryptionDescription_inaccessibleKmsKeyDateTime :: (Maybe UTCTime -> f (Maybe UTCTime))
-> LedgerEncryptionDescription -> f LedgerEncryptionDescription
ledgerEncryptionDescription_inaccessibleKmsKeyDateTime = (LedgerEncryptionDescription -> Maybe POSIX)
-> (LedgerEncryptionDescription
    -> Maybe POSIX -> LedgerEncryptionDescription)
-> Lens
     LedgerEncryptionDescription
     LedgerEncryptionDescription
     (Maybe POSIX)
     (Maybe POSIX)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\LedgerEncryptionDescription' {Maybe POSIX
inaccessibleKmsKeyDateTime :: Maybe POSIX
$sel:inaccessibleKmsKeyDateTime:LedgerEncryptionDescription' :: LedgerEncryptionDescription -> Maybe POSIX
inaccessibleKmsKeyDateTime} -> Maybe POSIX
inaccessibleKmsKeyDateTime) (\s :: LedgerEncryptionDescription
s@LedgerEncryptionDescription' {} Maybe POSIX
a -> LedgerEncryptionDescription
s {$sel:inaccessibleKmsKeyDateTime:LedgerEncryptionDescription' :: Maybe POSIX
inaccessibleKmsKeyDateTime = Maybe POSIX
a} :: LedgerEncryptionDescription) ((Maybe POSIX -> f (Maybe POSIX))
 -> LedgerEncryptionDescription -> f LedgerEncryptionDescription)
-> ((Maybe UTCTime -> f (Maybe UTCTime))
    -> Maybe POSIX -> f (Maybe POSIX))
-> (Maybe UTCTime -> f (Maybe UTCTime))
-> LedgerEncryptionDescription
-> f LedgerEncryptionDescription
forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. AnIso POSIX POSIX UTCTime UTCTime
-> Iso (Maybe POSIX) (Maybe POSIX) (Maybe UTCTime) (Maybe UTCTime)
forall (f :: * -> *) (g :: * -> *) s t a b.
(Functor f, Functor g) =>
AnIso s t a b -> Iso (f s) (g t) (f a) (g b)
Lens.mapping AnIso POSIX POSIX UTCTime UTCTime
forall (a :: Format). Iso' (Time a) UTCTime
Core._Time

-- | The Amazon Resource Name (ARN) of the customer managed KMS key that the
-- ledger uses for encryption at rest. If this parameter is undefined, the
-- ledger uses an Amazon Web Services owned KMS key for encryption.
ledgerEncryptionDescription_kmsKeyArn :: Lens.Lens' LedgerEncryptionDescription Prelude.Text
ledgerEncryptionDescription_kmsKeyArn :: (Text -> f Text)
-> LedgerEncryptionDescription -> f LedgerEncryptionDescription
ledgerEncryptionDescription_kmsKeyArn = (LedgerEncryptionDescription -> Text)
-> (LedgerEncryptionDescription
    -> Text -> LedgerEncryptionDescription)
-> Lens
     LedgerEncryptionDescription LedgerEncryptionDescription Text Text
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\LedgerEncryptionDescription' {Text
kmsKeyArn :: Text
$sel:kmsKeyArn:LedgerEncryptionDescription' :: LedgerEncryptionDescription -> Text
kmsKeyArn} -> Text
kmsKeyArn) (\s :: LedgerEncryptionDescription
s@LedgerEncryptionDescription' {} Text
a -> LedgerEncryptionDescription
s {$sel:kmsKeyArn:LedgerEncryptionDescription' :: Text
kmsKeyArn = Text
a} :: LedgerEncryptionDescription)

-- | The current state of encryption at rest for the ledger. This can be one
-- of the following values:
--
-- -   @ENABLED@: Encryption is fully enabled using the specified key.
--
-- -   @UPDATING@: The ledger is actively processing the specified key
--     change.
--
--     Key changes in QLDB are asynchronous. The ledger is fully accessible
--     without any performance impact while the key change is being
--     processed. The amount of time it takes to update a key varies
--     depending on the ledger size.
--
-- -   @KMS_KEY_INACCESSIBLE@: The specified customer managed KMS key is
--     not accessible, and the ledger is impaired. Either the key was
--     disabled or deleted, or the grants on the key were revoked. When a
--     ledger is impaired, it is not accessible and does not accept any
--     read or write requests.
--
--     An impaired ledger automatically returns to an active state after
--     you restore the grants on the key, or re-enable the key that was
--     disabled. However, deleting a customer managed KMS key is
--     irreversible. After a key is deleted, you can no longer access the
--     ledgers that are protected with that key, and the data becomes
--     unrecoverable permanently.
ledgerEncryptionDescription_encryptionStatus :: Lens.Lens' LedgerEncryptionDescription EncryptionStatus
ledgerEncryptionDescription_encryptionStatus :: (EncryptionStatus -> f EncryptionStatus)
-> LedgerEncryptionDescription -> f LedgerEncryptionDescription
ledgerEncryptionDescription_encryptionStatus = (LedgerEncryptionDescription -> EncryptionStatus)
-> (LedgerEncryptionDescription
    -> EncryptionStatus -> LedgerEncryptionDescription)
-> Lens
     LedgerEncryptionDescription
     LedgerEncryptionDescription
     EncryptionStatus
     EncryptionStatus
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\LedgerEncryptionDescription' {EncryptionStatus
encryptionStatus :: EncryptionStatus
$sel:encryptionStatus:LedgerEncryptionDescription' :: LedgerEncryptionDescription -> EncryptionStatus
encryptionStatus} -> EncryptionStatus
encryptionStatus) (\s :: LedgerEncryptionDescription
s@LedgerEncryptionDescription' {} EncryptionStatus
a -> LedgerEncryptionDescription
s {$sel:encryptionStatus:LedgerEncryptionDescription' :: EncryptionStatus
encryptionStatus = EncryptionStatus
a} :: LedgerEncryptionDescription)

instance Core.FromJSON LedgerEncryptionDescription where
  parseJSON :: Value -> Parser LedgerEncryptionDescription
parseJSON =
    String
-> (Object -> Parser LedgerEncryptionDescription)
-> Value
-> Parser LedgerEncryptionDescription
forall a. String -> (Object -> Parser a) -> Value -> Parser a
Core.withObject
      String
"LedgerEncryptionDescription"
      ( \Object
x ->
          Maybe POSIX
-> Text -> EncryptionStatus -> LedgerEncryptionDescription
LedgerEncryptionDescription'
            (Maybe POSIX
 -> Text -> EncryptionStatus -> LedgerEncryptionDescription)
-> Parser (Maybe POSIX)
-> Parser (Text -> EncryptionStatus -> LedgerEncryptionDescription)
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> (Object
x Object -> Text -> Parser (Maybe POSIX)
forall a. FromJSON a => Object -> Text -> Parser (Maybe a)
Core..:? Text
"InaccessibleKmsKeyDateTime")
            Parser (Text -> EncryptionStatus -> LedgerEncryptionDescription)
-> Parser Text
-> Parser (EncryptionStatus -> LedgerEncryptionDescription)
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x Object -> Text -> Parser Text
forall a. FromJSON a => Object -> Text -> Parser a
Core..: Text
"KmsKeyArn")
            Parser (EncryptionStatus -> LedgerEncryptionDescription)
-> Parser EncryptionStatus -> Parser LedgerEncryptionDescription
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x Object -> Text -> Parser EncryptionStatus
forall a. FromJSON a => Object -> Text -> Parser a
Core..: Text
"EncryptionStatus")
      )

instance Prelude.Hashable LedgerEncryptionDescription

instance Prelude.NFData LedgerEncryptionDescription