{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE TypeFamilies #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-binds #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.SecretsManager.CreateSecret
-- Copyright   : (c) 2013-2021 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
--
-- Creates a new secret. A secret in Secrets Manager consists of both the
-- protected secret data and the important information needed to manage the
-- secret.
--
-- Secrets Manager stores the encrypted secret data in one of a collection
-- of \"versions\" associated with the secret. Each version contains a copy
-- of the encrypted secret data. Each version is associated with one or
-- more \"staging labels\" that identify where the version is in the
-- rotation cycle. The @SecretVersionsToStages@ field of the secret
-- contains the mapping of staging labels to the active versions of the
-- secret. Versions without a staging label are considered deprecated and
-- not included in the list.
--
-- You provide the secret data to be encrypted by putting text in either
-- the @SecretString@ parameter or binary data in the @SecretBinary@
-- parameter, but not both. If you include @SecretString@ or @SecretBinary@
-- then Secrets Manager also creates an initial secret version and
-- automatically attaches the staging label @AWSCURRENT@ to the new
-- version.
--
-- -   If you call an operation to encrypt or decrypt the @SecretString@ or
--     @SecretBinary@ for a secret in the same account as the calling user
--     and that secret doesn\'t specify a Amazon Web Services KMS
--     encryption key, Secrets Manager uses the account\'s default Amazon
--     Web Services managed customer master key (CMK) with the alias
--     @aws\/secretsmanager@. If this key doesn\'t already exist in your
--     account then Secrets Manager creates it for you automatically. All
--     users and roles in the same Amazon Web Services account
--     automatically have access to use the default CMK. Note that if an
--     Secrets Manager API call results in Amazon Web Services creating the
--     account\'s Amazon Web Services-managed CMK, it can result in a
--     one-time significant delay in returning the result.
--
-- -   If the secret resides in a different Amazon Web Services account
--     from the credentials calling an API that requires encryption or
--     decryption of the secret value then you must create and use a custom
--     Amazon Web Services KMS CMK because you can\'t access the default
--     CMK for the account using credentials from a different Amazon Web
--     Services account. Store the ARN of the CMK in the secret when you
--     create the secret or when you update it by including it in the
--     @KMSKeyId@. If you call an API that must encrypt or decrypt
--     @SecretString@ or @SecretBinary@ using credentials from a different
--     account then the Amazon Web Services KMS key policy must grant
--     cross-account access to that other account\'s user or role for both
--     the kms:GenerateDataKey and kms:Decrypt operations.
--
-- __Minimum permissions__
--
-- To run this command, you must have the following permissions:
--
-- -   secretsmanager:CreateSecret
--
-- -   kms:GenerateDataKey - needed only if you use a customer-managed
--     Amazon Web Services KMS key to encrypt the secret. You do not need
--     this permission to use the account default Amazon Web Services
--     managed CMK for Secrets Manager.
--
-- -   kms:Decrypt - needed only if you use a customer-managed Amazon Web
--     Services KMS key to encrypt the secret. You do not need this
--     permission to use the account default Amazon Web Services managed
--     CMK for Secrets Manager.
--
-- -   secretsmanager:TagResource - needed only if you include the @Tags@
--     parameter.
--
-- __Related operations__
--
-- -   To delete a secret, use DeleteSecret.
--
-- -   To modify an existing secret, use UpdateSecret.
--
-- -   To create a new version of a secret, use PutSecretValue.
--
-- -   To retrieve the encrypted secure string and secure binary values,
--     use GetSecretValue.
--
-- -   To retrieve all other details for a secret, use DescribeSecret. This
--     does not include the encrypted secure string and secure binary
--     values.
--
-- -   To retrieve the list of secret versions associated with the current
--     secret, use DescribeSecret and examine the @SecretVersionsToStages@
--     response value.
module Amazonka.SecretsManager.CreateSecret
  ( -- * Creating a Request
    CreateSecret (..),
    newCreateSecret,

    -- * Request Lenses
    createSecret_addReplicaRegions,
    createSecret_secretBinary,
    createSecret_kmsKeyId,
    createSecret_forceOverwriteReplicaSecret,
    createSecret_secretString,
    createSecret_clientRequestToken,
    createSecret_description,
    createSecret_tags,
    createSecret_name,

    -- * Destructuring the Response
    CreateSecretResponse (..),
    newCreateSecretResponse,

    -- * Response Lenses
    createSecretResponse_versionId,
    createSecretResponse_arn,
    createSecretResponse_name,
    createSecretResponse_replicationStatus,
    createSecretResponse_httpStatus,
  )
where

import qualified Amazonka.Core as Core
import qualified Amazonka.Lens as Lens
import qualified Amazonka.Prelude as Prelude
import qualified Amazonka.Request as Request
import qualified Amazonka.Response as Response
import Amazonka.SecretsManager.Types

-- | /See:/ 'newCreateSecret' smart constructor.
data CreateSecret = CreateSecret'
  { -- | (Optional) Add a list of regions to replicate secrets. Secrets Manager
    -- replicates the KMSKeyID objects to the list of regions specified in the
    -- parameter.
    CreateSecret -> Maybe (NonEmpty ReplicaRegionType)
addReplicaRegions :: Prelude.Maybe (Prelude.NonEmpty ReplicaRegionType),
    -- | (Optional) Specifies binary data that you want to encrypt and store in
    -- the new version of the secret. To use this parameter in the command-line
    -- tools, we recommend that you store your binary data in a file and then
    -- use the appropriate technique for your tool to pass the contents of the
    -- file as a parameter.
    --
    -- Either @SecretString@ or @SecretBinary@ must have a value, but not both.
    -- They cannot both be empty.
    --
    -- This parameter is not available using the Secrets Manager console. It
    -- can be accessed only by using the Amazon Web Services CLI or one of the
    -- Amazon Web Services SDKs.
    CreateSecret -> Maybe (Sensitive Base64)
secretBinary :: Prelude.Maybe (Core.Sensitive Core.Base64),
    -- | (Optional) Specifies the ARN, Key ID, or alias of the Amazon Web
    -- Services KMS customer master key (CMK) to be used to encrypt the
    -- @SecretString@ or @SecretBinary@ values in the versions stored in this
    -- secret.
    --
    -- You can specify any of the supported ways to identify a Amazon Web
    -- Services KMS key ID. If you need to reference a CMK in a different
    -- account, you can use only the key ARN or the alias ARN.
    --
    -- If you don\'t specify this value, then Secrets Manager defaults to using
    -- the Amazon Web Services account\'s default CMK (the one named
    -- @aws\/secretsmanager@). If a Amazon Web Services KMS CMK with that name
    -- doesn\'t yet exist, then Secrets Manager creates it for you
    -- automatically the first time it needs to encrypt a version\'s
    -- @SecretString@ or @SecretBinary@ fields.
    --
    -- You can use the account default CMK to encrypt and decrypt only if you
    -- call this operation using credentials from the same account that owns
    -- the secret. If the secret resides in a different account, then you must
    -- create a custom CMK and specify the ARN in this field.
    CreateSecret -> Maybe Text
kmsKeyId :: Prelude.Maybe Prelude.Text,
    -- | (Optional) If set, the replication overwrites a secret with the same
    -- name in the destination region.
    CreateSecret -> Maybe Bool
forceOverwriteReplicaSecret :: Prelude.Maybe Prelude.Bool,
    -- | (Optional) Specifies text data that you want to encrypt and store in
    -- this new version of the secret.
    --
    -- Either @SecretString@ or @SecretBinary@ must have a value, but not both.
    -- They cannot both be empty.
    --
    -- If you create a secret by using the Secrets Manager console then Secrets
    -- Manager puts the protected secret text in only the @SecretString@
    -- parameter. The Secrets Manager console stores the information as a JSON
    -- structure of key\/value pairs that the Lambda rotation function knows
    -- how to parse.
    --
    -- For storing multiple values, we recommend that you use a JSON text
    -- string argument and specify key\/value pairs. For more information, see
    -- <https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-parameters.html Specifying parameter values for the Amazon Web Services CLI>
    -- in the Amazon Web Services CLI User Guide.
    CreateSecret -> Maybe (Sensitive Text)
secretString :: Prelude.Maybe (Core.Sensitive Prelude.Text),
    -- | (Optional) If you include @SecretString@ or @SecretBinary@, then an
    -- initial version is created as part of the secret, and this parameter
    -- specifies a unique identifier for the new version.
    --
    -- If you use the Amazon Web Services CLI or one of the Amazon Web Services
    -- SDK to call this operation, then you can leave this parameter empty. The
    -- CLI or SDK generates a random UUID for you and includes it as the value
    -- for this parameter in the request. If you don\'t use the SDK and instead
    -- generate a raw HTTP request to the Secrets Manager service endpoint,
    -- then you must generate a @ClientRequestToken@ yourself for the new
    -- version and include the value in the request.
    --
    -- This value helps ensure idempotency. Secrets Manager uses this value to
    -- prevent the accidental creation of duplicate versions if there are
    -- failures and retries during a rotation. We recommend that you generate a
    -- <https://wikipedia.org/wiki/Universally_unique_identifier UUID-type>
    -- value to ensure uniqueness of your versions within the specified secret.
    --
    -- -   If the @ClientRequestToken@ value isn\'t already associated with a
    --     version of the secret then a new version of the secret is created.
    --
    -- -   If a version with this value already exists and the version
    --     @SecretString@ and @SecretBinary@ values are the same as those in
    --     the request, then the request is ignored.
    --
    -- -   If a version with this value already exists and that version\'s
    --     @SecretString@ and @SecretBinary@ values are different from those in
    --     the request, then the request fails because you cannot modify an
    --     existing version. Instead, use PutSecretValue to create a new
    --     version.
    --
    -- This value becomes the @VersionId@ of the new version.
    CreateSecret -> Maybe Text
clientRequestToken :: Prelude.Maybe Prelude.Text,
    -- | (Optional) Specifies a user-provided description of the secret.
    CreateSecret -> Maybe Text
description :: Prelude.Maybe Prelude.Text,
    -- | (Optional) Specifies a list of user-defined tags that are attached to
    -- the secret. Each tag is a \"Key\" and \"Value\" pair of strings. This
    -- operation only appends tags to the existing list of tags. To remove
    -- tags, you must use UntagResource.
    --
    -- -   Secrets Manager tag key names are case sensitive. A tag with the key
    --     \"ABC\" is a different tag from one with key \"abc\".
    --
    -- -   If you check tags in IAM policy @Condition@ elements as part of your
    --     security strategy, then adding or removing a tag can change
    --     permissions. If the successful completion of this operation would
    --     result in you losing your permissions for this secret, then this
    --     operation is blocked and returns an @Access Denied@ error.
    --
    -- This parameter requires a JSON text string argument. For information on
    -- how to format a JSON parameter for the various command line tool
    -- environments, see
    -- <https://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json Using JSON for Parameters>
    -- in the /CLI User Guide/. For example:
    --
    -- @[{\"Key\":\"CostCenter\",\"Value\":\"12345\"},{\"Key\":\"environment\",\"Value\":\"production\"}]@
    --
    -- If your command-line tool or SDK requires quotation marks around the
    -- parameter, you should use single quotes to avoid confusion with the
    -- double quotes required in the JSON text.
    --
    -- The following basic restrictions apply to tags:
    --
    -- -   Maximum number of tags per secret—50
    --
    -- -   Maximum key length—127 Unicode characters in UTF-8
    --
    -- -   Maximum value length—255 Unicode characters in UTF-8
    --
    -- -   Tag keys and values are case sensitive.
    --
    -- -   Do not use the @aws:@ prefix in your tag names or values because
    --     Amazon Web Services reserves it for Amazon Web Services use. You
    --     can\'t edit or delete tag names or values with this prefix. Tags
    --     with this prefix do not count against your tags per secret limit.
    --
    -- -   If you use your tagging schema across multiple services and
    --     resources, remember other services might have restrictions on
    --     allowed characters. Generally allowed characters: letters, spaces,
    --     and numbers representable in UTF-8, plus the following special
    --     characters: + - = . _ : \/ \@.
    CreateSecret -> Maybe [Tag]
tags :: Prelude.Maybe [Tag],
    -- | Specifies the friendly name of the new secret.
    --
    -- The secret name must be ASCII letters, digits, or the following
    -- characters : \/_+=.\@-
    --
    -- Do not end your secret name with a hyphen followed by six characters. If
    -- you do so, you risk confusion and unexpected results when searching for
    -- a secret by partial ARN. Secrets Manager automatically adds a hyphen and
    -- six random characters at the end of the ARN.
    CreateSecret -> Text
name :: Prelude.Text
  }
  deriving (CreateSecret -> CreateSecret -> Bool
(CreateSecret -> CreateSecret -> Bool)
-> (CreateSecret -> CreateSecret -> Bool) -> Eq CreateSecret
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: CreateSecret -> CreateSecret -> Bool
$c/= :: CreateSecret -> CreateSecret -> Bool
== :: CreateSecret -> CreateSecret -> Bool
$c== :: CreateSecret -> CreateSecret -> Bool
Prelude.Eq, Int -> CreateSecret -> ShowS
[CreateSecret] -> ShowS
CreateSecret -> String
(Int -> CreateSecret -> ShowS)
-> (CreateSecret -> String)
-> ([CreateSecret] -> ShowS)
-> Show CreateSecret
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [CreateSecret] -> ShowS
$cshowList :: [CreateSecret] -> ShowS
show :: CreateSecret -> String
$cshow :: CreateSecret -> String
showsPrec :: Int -> CreateSecret -> ShowS
$cshowsPrec :: Int -> CreateSecret -> ShowS
Prelude.Show, (forall x. CreateSecret -> Rep CreateSecret x)
-> (forall x. Rep CreateSecret x -> CreateSecret)
-> Generic CreateSecret
forall x. Rep CreateSecret x -> CreateSecret
forall x. CreateSecret -> Rep CreateSecret x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x. Rep CreateSecret x -> CreateSecret
$cfrom :: forall x. CreateSecret -> Rep CreateSecret x
Prelude.Generic)

-- |
-- Create a value of 'CreateSecret' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'addReplicaRegions', 'createSecret_addReplicaRegions' - (Optional) Add a list of regions to replicate secrets. Secrets Manager
-- replicates the KMSKeyID objects to the list of regions specified in the
-- parameter.
--
-- 'secretBinary', 'createSecret_secretBinary' - (Optional) Specifies binary data that you want to encrypt and store in
-- the new version of the secret. To use this parameter in the command-line
-- tools, we recommend that you store your binary data in a file and then
-- use the appropriate technique for your tool to pass the contents of the
-- file as a parameter.
--
-- Either @SecretString@ or @SecretBinary@ must have a value, but not both.
-- They cannot both be empty.
--
-- This parameter is not available using the Secrets Manager console. It
-- can be accessed only by using the Amazon Web Services CLI or one of the
-- Amazon Web Services SDKs.--
-- -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data.
-- -- The underlying isomorphism will encode to Base64 representation during
-- -- serialisation, and decode from Base64 representation during deserialisation.
-- -- This 'Lens' accepts and returns only raw unencoded data.
--
-- 'kmsKeyId', 'createSecret_kmsKeyId' - (Optional) Specifies the ARN, Key ID, or alias of the Amazon Web
-- Services KMS customer master key (CMK) to be used to encrypt the
-- @SecretString@ or @SecretBinary@ values in the versions stored in this
-- secret.
--
-- You can specify any of the supported ways to identify a Amazon Web
-- Services KMS key ID. If you need to reference a CMK in a different
-- account, you can use only the key ARN or the alias ARN.
--
-- If you don\'t specify this value, then Secrets Manager defaults to using
-- the Amazon Web Services account\'s default CMK (the one named
-- @aws\/secretsmanager@). If a Amazon Web Services KMS CMK with that name
-- doesn\'t yet exist, then Secrets Manager creates it for you
-- automatically the first time it needs to encrypt a version\'s
-- @SecretString@ or @SecretBinary@ fields.
--
-- You can use the account default CMK to encrypt and decrypt only if you
-- call this operation using credentials from the same account that owns
-- the secret. If the secret resides in a different account, then you must
-- create a custom CMK and specify the ARN in this field.
--
-- 'forceOverwriteReplicaSecret', 'createSecret_forceOverwriteReplicaSecret' - (Optional) If set, the replication overwrites a secret with the same
-- name in the destination region.
--
-- 'secretString', 'createSecret_secretString' - (Optional) Specifies text data that you want to encrypt and store in
-- this new version of the secret.
--
-- Either @SecretString@ or @SecretBinary@ must have a value, but not both.
-- They cannot both be empty.
--
-- If you create a secret by using the Secrets Manager console then Secrets
-- Manager puts the protected secret text in only the @SecretString@
-- parameter. The Secrets Manager console stores the information as a JSON
-- structure of key\/value pairs that the Lambda rotation function knows
-- how to parse.
--
-- For storing multiple values, we recommend that you use a JSON text
-- string argument and specify key\/value pairs. For more information, see
-- <https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-parameters.html Specifying parameter values for the Amazon Web Services CLI>
-- in the Amazon Web Services CLI User Guide.
--
-- 'clientRequestToken', 'createSecret_clientRequestToken' - (Optional) If you include @SecretString@ or @SecretBinary@, then an
-- initial version is created as part of the secret, and this parameter
-- specifies a unique identifier for the new version.
--
-- If you use the Amazon Web Services CLI or one of the Amazon Web Services
-- SDK to call this operation, then you can leave this parameter empty. The
-- CLI or SDK generates a random UUID for you and includes it as the value
-- for this parameter in the request. If you don\'t use the SDK and instead
-- generate a raw HTTP request to the Secrets Manager service endpoint,
-- then you must generate a @ClientRequestToken@ yourself for the new
-- version and include the value in the request.
--
-- This value helps ensure idempotency. Secrets Manager uses this value to
-- prevent the accidental creation of duplicate versions if there are
-- failures and retries during a rotation. We recommend that you generate a
-- <https://wikipedia.org/wiki/Universally_unique_identifier UUID-type>
-- value to ensure uniqueness of your versions within the specified secret.
--
-- -   If the @ClientRequestToken@ value isn\'t already associated with a
--     version of the secret then a new version of the secret is created.
--
-- -   If a version with this value already exists and the version
--     @SecretString@ and @SecretBinary@ values are the same as those in
--     the request, then the request is ignored.
--
-- -   If a version with this value already exists and that version\'s
--     @SecretString@ and @SecretBinary@ values are different from those in
--     the request, then the request fails because you cannot modify an
--     existing version. Instead, use PutSecretValue to create a new
--     version.
--
-- This value becomes the @VersionId@ of the new version.
--
-- 'description', 'createSecret_description' - (Optional) Specifies a user-provided description of the secret.
--
-- 'tags', 'createSecret_tags' - (Optional) Specifies a list of user-defined tags that are attached to
-- the secret. Each tag is a \"Key\" and \"Value\" pair of strings. This
-- operation only appends tags to the existing list of tags. To remove
-- tags, you must use UntagResource.
--
-- -   Secrets Manager tag key names are case sensitive. A tag with the key
--     \"ABC\" is a different tag from one with key \"abc\".
--
-- -   If you check tags in IAM policy @Condition@ elements as part of your
--     security strategy, then adding or removing a tag can change
--     permissions. If the successful completion of this operation would
--     result in you losing your permissions for this secret, then this
--     operation is blocked and returns an @Access Denied@ error.
--
-- This parameter requires a JSON text string argument. For information on
-- how to format a JSON parameter for the various command line tool
-- environments, see
-- <https://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json Using JSON for Parameters>
-- in the /CLI User Guide/. For example:
--
-- @[{\"Key\":\"CostCenter\",\"Value\":\"12345\"},{\"Key\":\"environment\",\"Value\":\"production\"}]@
--
-- If your command-line tool or SDK requires quotation marks around the
-- parameter, you should use single quotes to avoid confusion with the
-- double quotes required in the JSON text.
--
-- The following basic restrictions apply to tags:
--
-- -   Maximum number of tags per secret—50
--
-- -   Maximum key length—127 Unicode characters in UTF-8
--
-- -   Maximum value length—255 Unicode characters in UTF-8
--
-- -   Tag keys and values are case sensitive.
--
-- -   Do not use the @aws:@ prefix in your tag names or values because
--     Amazon Web Services reserves it for Amazon Web Services use. You
--     can\'t edit or delete tag names or values with this prefix. Tags
--     with this prefix do not count against your tags per secret limit.
--
-- -   If you use your tagging schema across multiple services and
--     resources, remember other services might have restrictions on
--     allowed characters. Generally allowed characters: letters, spaces,
--     and numbers representable in UTF-8, plus the following special
--     characters: + - = . _ : \/ \@.
--
-- 'name', 'createSecret_name' - Specifies the friendly name of the new secret.
--
-- The secret name must be ASCII letters, digits, or the following
-- characters : \/_+=.\@-
--
-- Do not end your secret name with a hyphen followed by six characters. If
-- you do so, you risk confusion and unexpected results when searching for
-- a secret by partial ARN. Secrets Manager automatically adds a hyphen and
-- six random characters at the end of the ARN.
newCreateSecret ::
  -- | 'name'
  Prelude.Text ->
  CreateSecret
newCreateSecret :: Text -> CreateSecret
newCreateSecret Text
pName_ =
  CreateSecret' :: Maybe (NonEmpty ReplicaRegionType)
-> Maybe (Sensitive Base64)
-> Maybe Text
-> Maybe Bool
-> Maybe (Sensitive Text)
-> Maybe Text
-> Maybe Text
-> Maybe [Tag]
-> Text
-> CreateSecret
CreateSecret'
    { $sel:addReplicaRegions:CreateSecret' :: Maybe (NonEmpty ReplicaRegionType)
addReplicaRegions = Maybe (NonEmpty ReplicaRegionType)
forall a. Maybe a
Prelude.Nothing,
      $sel:secretBinary:CreateSecret' :: Maybe (Sensitive Base64)
secretBinary = Maybe (Sensitive Base64)
forall a. Maybe a
Prelude.Nothing,
      $sel:kmsKeyId:CreateSecret' :: Maybe Text
kmsKeyId = Maybe Text
forall a. Maybe a
Prelude.Nothing,
      $sel:forceOverwriteReplicaSecret:CreateSecret' :: Maybe Bool
forceOverwriteReplicaSecret = Maybe Bool
forall a. Maybe a
Prelude.Nothing,
      $sel:secretString:CreateSecret' :: Maybe (Sensitive Text)
secretString = Maybe (Sensitive Text)
forall a. Maybe a
Prelude.Nothing,
      $sel:clientRequestToken:CreateSecret' :: Maybe Text
clientRequestToken = Maybe Text
forall a. Maybe a
Prelude.Nothing,
      $sel:description:CreateSecret' :: Maybe Text
description = Maybe Text
forall a. Maybe a
Prelude.Nothing,
      $sel:tags:CreateSecret' :: Maybe [Tag]
tags = Maybe [Tag]
forall a. Maybe a
Prelude.Nothing,
      $sel:name:CreateSecret' :: Text
name = Text
pName_
    }

-- | (Optional) Add a list of regions to replicate secrets. Secrets Manager
-- replicates the KMSKeyID objects to the list of regions specified in the
-- parameter.
createSecret_addReplicaRegions :: Lens.Lens' CreateSecret (Prelude.Maybe (Prelude.NonEmpty ReplicaRegionType))
createSecret_addReplicaRegions :: (Maybe (NonEmpty ReplicaRegionType)
 -> f (Maybe (NonEmpty ReplicaRegionType)))
-> CreateSecret -> f CreateSecret
createSecret_addReplicaRegions = (CreateSecret -> Maybe (NonEmpty ReplicaRegionType))
-> (CreateSecret
    -> Maybe (NonEmpty ReplicaRegionType) -> CreateSecret)
-> Lens
     CreateSecret
     CreateSecret
     (Maybe (NonEmpty ReplicaRegionType))
     (Maybe (NonEmpty ReplicaRegionType))
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\CreateSecret' {Maybe (NonEmpty ReplicaRegionType)
addReplicaRegions :: Maybe (NonEmpty ReplicaRegionType)
$sel:addReplicaRegions:CreateSecret' :: CreateSecret -> Maybe (NonEmpty ReplicaRegionType)
addReplicaRegions} -> Maybe (NonEmpty ReplicaRegionType)
addReplicaRegions) (\s :: CreateSecret
s@CreateSecret' {} Maybe (NonEmpty ReplicaRegionType)
a -> CreateSecret
s {$sel:addReplicaRegions:CreateSecret' :: Maybe (NonEmpty ReplicaRegionType)
addReplicaRegions = Maybe (NonEmpty ReplicaRegionType)
a} :: CreateSecret) ((Maybe (NonEmpty ReplicaRegionType)
  -> f (Maybe (NonEmpty ReplicaRegionType)))
 -> CreateSecret -> f CreateSecret)
-> ((Maybe (NonEmpty ReplicaRegionType)
     -> f (Maybe (NonEmpty ReplicaRegionType)))
    -> Maybe (NonEmpty ReplicaRegionType)
    -> f (Maybe (NonEmpty ReplicaRegionType)))
-> (Maybe (NonEmpty ReplicaRegionType)
    -> f (Maybe (NonEmpty ReplicaRegionType)))
-> CreateSecret
-> f CreateSecret
forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. AnIso
  (NonEmpty ReplicaRegionType)
  (NonEmpty ReplicaRegionType)
  (NonEmpty ReplicaRegionType)
  (NonEmpty ReplicaRegionType)
-> Iso
     (Maybe (NonEmpty ReplicaRegionType))
     (Maybe (NonEmpty ReplicaRegionType))
     (Maybe (NonEmpty ReplicaRegionType))
     (Maybe (NonEmpty ReplicaRegionType))
forall (f :: * -> *) (g :: * -> *) s t a b.
(Functor f, Functor g) =>
AnIso s t a b -> Iso (f s) (g t) (f a) (g b)
Lens.mapping AnIso
  (NonEmpty ReplicaRegionType)
  (NonEmpty ReplicaRegionType)
  (NonEmpty ReplicaRegionType)
  (NonEmpty ReplicaRegionType)
forall s t a b. (Coercible s a, Coercible t b) => Iso s t a b
Lens.coerced

-- | (Optional) Specifies binary data that you want to encrypt and store in
-- the new version of the secret. To use this parameter in the command-line
-- tools, we recommend that you store your binary data in a file and then
-- use the appropriate technique for your tool to pass the contents of the
-- file as a parameter.
--
-- Either @SecretString@ or @SecretBinary@ must have a value, but not both.
-- They cannot both be empty.
--
-- This parameter is not available using the Secrets Manager console. It
-- can be accessed only by using the Amazon Web Services CLI or one of the
-- Amazon Web Services SDKs.--
-- -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data.
-- -- The underlying isomorphism will encode to Base64 representation during
-- -- serialisation, and decode from Base64 representation during deserialisation.
-- -- This 'Lens' accepts and returns only raw unencoded data.
createSecret_secretBinary :: Lens.Lens' CreateSecret (Prelude.Maybe Prelude.ByteString)
createSecret_secretBinary :: (Maybe ByteString -> f (Maybe ByteString))
-> CreateSecret -> f CreateSecret
createSecret_secretBinary = (CreateSecret -> Maybe (Sensitive Base64))
-> (CreateSecret -> Maybe (Sensitive Base64) -> CreateSecret)
-> Lens
     CreateSecret
     CreateSecret
     (Maybe (Sensitive Base64))
     (Maybe (Sensitive Base64))
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\CreateSecret' {Maybe (Sensitive Base64)
secretBinary :: Maybe (Sensitive Base64)
$sel:secretBinary:CreateSecret' :: CreateSecret -> Maybe (Sensitive Base64)
secretBinary} -> Maybe (Sensitive Base64)
secretBinary) (\s :: CreateSecret
s@CreateSecret' {} Maybe (Sensitive Base64)
a -> CreateSecret
s {$sel:secretBinary:CreateSecret' :: Maybe (Sensitive Base64)
secretBinary = Maybe (Sensitive Base64)
a} :: CreateSecret) ((Maybe (Sensitive Base64) -> f (Maybe (Sensitive Base64)))
 -> CreateSecret -> f CreateSecret)
-> ((Maybe ByteString -> f (Maybe ByteString))
    -> Maybe (Sensitive Base64) -> f (Maybe (Sensitive Base64)))
-> (Maybe ByteString -> f (Maybe ByteString))
-> CreateSecret
-> f CreateSecret
forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. AnIso (Sensitive Base64) (Sensitive Base64) ByteString ByteString
-> Iso
     (Maybe (Sensitive Base64))
     (Maybe (Sensitive Base64))
     (Maybe ByteString)
     (Maybe ByteString)
forall (f :: * -> *) (g :: * -> *) s t a b.
(Functor f, Functor g) =>
AnIso s t a b -> Iso (f s) (g t) (f a) (g b)
Lens.mapping (Exchange ByteString ByteString Base64 (Identity Base64)
-> Exchange
     ByteString
     ByteString
     (Sensitive Base64)
     (Identity (Sensitive Base64))
forall a. Iso' (Sensitive a) a
Core._Sensitive (Exchange ByteString ByteString Base64 (Identity Base64)
 -> Exchange
      ByteString
      ByteString
      (Sensitive Base64)
      (Identity (Sensitive Base64)))
-> (Exchange ByteString ByteString ByteString (Identity ByteString)
    -> Exchange ByteString ByteString Base64 (Identity Base64))
-> AnIso
     (Sensitive Base64) (Sensitive Base64) ByteString ByteString
forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. Exchange ByteString ByteString ByteString (Identity ByteString)
-> Exchange ByteString ByteString Base64 (Identity Base64)
Iso' Base64 ByteString
Core._Base64)

-- | (Optional) Specifies the ARN, Key ID, or alias of the Amazon Web
-- Services KMS customer master key (CMK) to be used to encrypt the
-- @SecretString@ or @SecretBinary@ values in the versions stored in this
-- secret.
--
-- You can specify any of the supported ways to identify a Amazon Web
-- Services KMS key ID. If you need to reference a CMK in a different
-- account, you can use only the key ARN or the alias ARN.
--
-- If you don\'t specify this value, then Secrets Manager defaults to using
-- the Amazon Web Services account\'s default CMK (the one named
-- @aws\/secretsmanager@). If a Amazon Web Services KMS CMK with that name
-- doesn\'t yet exist, then Secrets Manager creates it for you
-- automatically the first time it needs to encrypt a version\'s
-- @SecretString@ or @SecretBinary@ fields.
--
-- You can use the account default CMK to encrypt and decrypt only if you
-- call this operation using credentials from the same account that owns
-- the secret. If the secret resides in a different account, then you must
-- create a custom CMK and specify the ARN in this field.
createSecret_kmsKeyId :: Lens.Lens' CreateSecret (Prelude.Maybe Prelude.Text)
createSecret_kmsKeyId :: (Maybe Text -> f (Maybe Text)) -> CreateSecret -> f CreateSecret
createSecret_kmsKeyId = (CreateSecret -> Maybe Text)
-> (CreateSecret -> Maybe Text -> CreateSecret)
-> Lens CreateSecret CreateSecret (Maybe Text) (Maybe Text)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\CreateSecret' {Maybe Text
kmsKeyId :: Maybe Text
$sel:kmsKeyId:CreateSecret' :: CreateSecret -> Maybe Text
kmsKeyId} -> Maybe Text
kmsKeyId) (\s :: CreateSecret
s@CreateSecret' {} Maybe Text
a -> CreateSecret
s {$sel:kmsKeyId:CreateSecret' :: Maybe Text
kmsKeyId = Maybe Text
a} :: CreateSecret)

-- | (Optional) If set, the replication overwrites a secret with the same
-- name in the destination region.
createSecret_forceOverwriteReplicaSecret :: Lens.Lens' CreateSecret (Prelude.Maybe Prelude.Bool)
createSecret_forceOverwriteReplicaSecret :: (Maybe Bool -> f (Maybe Bool)) -> CreateSecret -> f CreateSecret
createSecret_forceOverwriteReplicaSecret = (CreateSecret -> Maybe Bool)
-> (CreateSecret -> Maybe Bool -> CreateSecret)
-> Lens CreateSecret CreateSecret (Maybe Bool) (Maybe Bool)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\CreateSecret' {Maybe Bool
forceOverwriteReplicaSecret :: Maybe Bool
$sel:forceOverwriteReplicaSecret:CreateSecret' :: CreateSecret -> Maybe Bool
forceOverwriteReplicaSecret} -> Maybe Bool
forceOverwriteReplicaSecret) (\s :: CreateSecret
s@CreateSecret' {} Maybe Bool
a -> CreateSecret
s {$sel:forceOverwriteReplicaSecret:CreateSecret' :: Maybe Bool
forceOverwriteReplicaSecret = Maybe Bool
a} :: CreateSecret)

-- | (Optional) Specifies text data that you want to encrypt and store in
-- this new version of the secret.
--
-- Either @SecretString@ or @SecretBinary@ must have a value, but not both.
-- They cannot both be empty.
--
-- If you create a secret by using the Secrets Manager console then Secrets
-- Manager puts the protected secret text in only the @SecretString@
-- parameter. The Secrets Manager console stores the information as a JSON
-- structure of key\/value pairs that the Lambda rotation function knows
-- how to parse.
--
-- For storing multiple values, we recommend that you use a JSON text
-- string argument and specify key\/value pairs. For more information, see
-- <https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-parameters.html Specifying parameter values for the Amazon Web Services CLI>
-- in the Amazon Web Services CLI User Guide.
createSecret_secretString :: Lens.Lens' CreateSecret (Prelude.Maybe Prelude.Text)
createSecret_secretString :: (Maybe Text -> f (Maybe Text)) -> CreateSecret -> f CreateSecret
createSecret_secretString = (CreateSecret -> Maybe (Sensitive Text))
-> (CreateSecret -> Maybe (Sensitive Text) -> CreateSecret)
-> Lens
     CreateSecret
     CreateSecret
     (Maybe (Sensitive Text))
     (Maybe (Sensitive Text))
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\CreateSecret' {Maybe (Sensitive Text)
secretString :: Maybe (Sensitive Text)
$sel:secretString:CreateSecret' :: CreateSecret -> Maybe (Sensitive Text)
secretString} -> Maybe (Sensitive Text)
secretString) (\s :: CreateSecret
s@CreateSecret' {} Maybe (Sensitive Text)
a -> CreateSecret
s {$sel:secretString:CreateSecret' :: Maybe (Sensitive Text)
secretString = Maybe (Sensitive Text)
a} :: CreateSecret) ((Maybe (Sensitive Text) -> f (Maybe (Sensitive Text)))
 -> CreateSecret -> f CreateSecret)
-> ((Maybe Text -> f (Maybe Text))
    -> Maybe (Sensitive Text) -> f (Maybe (Sensitive Text)))
-> (Maybe Text -> f (Maybe Text))
-> CreateSecret
-> f CreateSecret
forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. AnIso (Sensitive Text) (Sensitive Text) Text Text
-> Iso
     (Maybe (Sensitive Text))
     (Maybe (Sensitive Text))
     (Maybe Text)
     (Maybe Text)
forall (f :: * -> *) (g :: * -> *) s t a b.
(Functor f, Functor g) =>
AnIso s t a b -> Iso (f s) (g t) (f a) (g b)
Lens.mapping AnIso (Sensitive Text) (Sensitive Text) Text Text
forall a. Iso' (Sensitive a) a
Core._Sensitive

-- | (Optional) If you include @SecretString@ or @SecretBinary@, then an
-- initial version is created as part of the secret, and this parameter
-- specifies a unique identifier for the new version.
--
-- If you use the Amazon Web Services CLI or one of the Amazon Web Services
-- SDK to call this operation, then you can leave this parameter empty. The
-- CLI or SDK generates a random UUID for you and includes it as the value
-- for this parameter in the request. If you don\'t use the SDK and instead
-- generate a raw HTTP request to the Secrets Manager service endpoint,
-- then you must generate a @ClientRequestToken@ yourself for the new
-- version and include the value in the request.
--
-- This value helps ensure idempotency. Secrets Manager uses this value to
-- prevent the accidental creation of duplicate versions if there are
-- failures and retries during a rotation. We recommend that you generate a
-- <https://wikipedia.org/wiki/Universally_unique_identifier UUID-type>
-- value to ensure uniqueness of your versions within the specified secret.
--
-- -   If the @ClientRequestToken@ value isn\'t already associated with a
--     version of the secret then a new version of the secret is created.
--
-- -   If a version with this value already exists and the version
--     @SecretString@ and @SecretBinary@ values are the same as those in
--     the request, then the request is ignored.
--
-- -   If a version with this value already exists and that version\'s
--     @SecretString@ and @SecretBinary@ values are different from those in
--     the request, then the request fails because you cannot modify an
--     existing version. Instead, use PutSecretValue to create a new
--     version.
--
-- This value becomes the @VersionId@ of the new version.
createSecret_clientRequestToken :: Lens.Lens' CreateSecret (Prelude.Maybe Prelude.Text)
createSecret_clientRequestToken :: (Maybe Text -> f (Maybe Text)) -> CreateSecret -> f CreateSecret
createSecret_clientRequestToken = (CreateSecret -> Maybe Text)
-> (CreateSecret -> Maybe Text -> CreateSecret)
-> Lens CreateSecret CreateSecret (Maybe Text) (Maybe Text)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\CreateSecret' {Maybe Text
clientRequestToken :: Maybe Text
$sel:clientRequestToken:CreateSecret' :: CreateSecret -> Maybe Text
clientRequestToken} -> Maybe Text
clientRequestToken) (\s :: CreateSecret
s@CreateSecret' {} Maybe Text
a -> CreateSecret
s {$sel:clientRequestToken:CreateSecret' :: Maybe Text
clientRequestToken = Maybe Text
a} :: CreateSecret)

-- | (Optional) Specifies a user-provided description of the secret.
createSecret_description :: Lens.Lens' CreateSecret (Prelude.Maybe Prelude.Text)
createSecret_description :: (Maybe Text -> f (Maybe Text)) -> CreateSecret -> f CreateSecret
createSecret_description = (CreateSecret -> Maybe Text)
-> (CreateSecret -> Maybe Text -> CreateSecret)
-> Lens CreateSecret CreateSecret (Maybe Text) (Maybe Text)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\CreateSecret' {Maybe Text
description :: Maybe Text
$sel:description:CreateSecret' :: CreateSecret -> Maybe Text
description} -> Maybe Text
description) (\s :: CreateSecret
s@CreateSecret' {} Maybe Text
a -> CreateSecret
s {$sel:description:CreateSecret' :: Maybe Text
description = Maybe Text
a} :: CreateSecret)

-- | (Optional) Specifies a list of user-defined tags that are attached to
-- the secret. Each tag is a \"Key\" and \"Value\" pair of strings. This
-- operation only appends tags to the existing list of tags. To remove
-- tags, you must use UntagResource.
--
-- -   Secrets Manager tag key names are case sensitive. A tag with the key
--     \"ABC\" is a different tag from one with key \"abc\".
--
-- -   If you check tags in IAM policy @Condition@ elements as part of your
--     security strategy, then adding or removing a tag can change
--     permissions. If the successful completion of this operation would
--     result in you losing your permissions for this secret, then this
--     operation is blocked and returns an @Access Denied@ error.
--
-- This parameter requires a JSON text string argument. For information on
-- how to format a JSON parameter for the various command line tool
-- environments, see
-- <https://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json Using JSON for Parameters>
-- in the /CLI User Guide/. For example:
--
-- @[{\"Key\":\"CostCenter\",\"Value\":\"12345\"},{\"Key\":\"environment\",\"Value\":\"production\"}]@
--
-- If your command-line tool or SDK requires quotation marks around the
-- parameter, you should use single quotes to avoid confusion with the
-- double quotes required in the JSON text.
--
-- The following basic restrictions apply to tags:
--
-- -   Maximum number of tags per secret—50
--
-- -   Maximum key length—127 Unicode characters in UTF-8
--
-- -   Maximum value length—255 Unicode characters in UTF-8
--
-- -   Tag keys and values are case sensitive.
--
-- -   Do not use the @aws:@ prefix in your tag names or values because
--     Amazon Web Services reserves it for Amazon Web Services use. You
--     can\'t edit or delete tag names or values with this prefix. Tags
--     with this prefix do not count against your tags per secret limit.
--
-- -   If you use your tagging schema across multiple services and
--     resources, remember other services might have restrictions on
--     allowed characters. Generally allowed characters: letters, spaces,
--     and numbers representable in UTF-8, plus the following special
--     characters: + - = . _ : \/ \@.
createSecret_tags :: Lens.Lens' CreateSecret (Prelude.Maybe [Tag])
createSecret_tags :: (Maybe [Tag] -> f (Maybe [Tag])) -> CreateSecret -> f CreateSecret
createSecret_tags = (CreateSecret -> Maybe [Tag])
-> (CreateSecret -> Maybe [Tag] -> CreateSecret)
-> Lens CreateSecret CreateSecret (Maybe [Tag]) (Maybe [Tag])
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\CreateSecret' {Maybe [Tag]
tags :: Maybe [Tag]
$sel:tags:CreateSecret' :: CreateSecret -> Maybe [Tag]
tags} -> Maybe [Tag]
tags) (\s :: CreateSecret
s@CreateSecret' {} Maybe [Tag]
a -> CreateSecret
s {$sel:tags:CreateSecret' :: Maybe [Tag]
tags = Maybe [Tag]
a} :: CreateSecret) ((Maybe [Tag] -> f (Maybe [Tag]))
 -> CreateSecret -> f CreateSecret)
-> ((Maybe [Tag] -> f (Maybe [Tag]))
    -> Maybe [Tag] -> f (Maybe [Tag]))
-> (Maybe [Tag] -> f (Maybe [Tag]))
-> CreateSecret
-> f CreateSecret
forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. AnIso [Tag] [Tag] [Tag] [Tag]
-> Iso (Maybe [Tag]) (Maybe [Tag]) (Maybe [Tag]) (Maybe [Tag])
forall (f :: * -> *) (g :: * -> *) s t a b.
(Functor f, Functor g) =>
AnIso s t a b -> Iso (f s) (g t) (f a) (g b)
Lens.mapping AnIso [Tag] [Tag] [Tag] [Tag]
forall s t a b. (Coercible s a, Coercible t b) => Iso s t a b
Lens.coerced

-- | Specifies the friendly name of the new secret.
--
-- The secret name must be ASCII letters, digits, or the following
-- characters : \/_+=.\@-
--
-- Do not end your secret name with a hyphen followed by six characters. If
-- you do so, you risk confusion and unexpected results when searching for
-- a secret by partial ARN. Secrets Manager automatically adds a hyphen and
-- six random characters at the end of the ARN.
createSecret_name :: Lens.Lens' CreateSecret Prelude.Text
createSecret_name :: (Text -> f Text) -> CreateSecret -> f CreateSecret
createSecret_name = (CreateSecret -> Text)
-> (CreateSecret -> Text -> CreateSecret)
-> Lens CreateSecret CreateSecret Text Text
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\CreateSecret' {Text
name :: Text
$sel:name:CreateSecret' :: CreateSecret -> Text
name} -> Text
name) (\s :: CreateSecret
s@CreateSecret' {} Text
a -> CreateSecret
s {$sel:name:CreateSecret' :: Text
name = Text
a} :: CreateSecret)

instance Core.AWSRequest CreateSecret where
  type AWSResponse CreateSecret = CreateSecretResponse
  request :: CreateSecret -> Request CreateSecret
request = Service -> CreateSecret -> Request CreateSecret
forall a. (ToRequest a, ToJSON a) => Service -> a -> Request a
Request.postJSON Service
defaultService
  response :: Logger
-> Service
-> Proxy CreateSecret
-> ClientResponse ClientBody
-> m (Either Error (ClientResponse (AWSResponse CreateSecret)))
response =
    (Int
 -> ResponseHeaders
 -> Object
 -> Either String (AWSResponse CreateSecret))
-> Logger
-> Service
-> Proxy CreateSecret
-> ClientResponse ClientBody
-> m (Either Error (ClientResponse (AWSResponse CreateSecret)))
forall (m :: * -> *) a.
MonadResource m =>
(Int -> ResponseHeaders -> Object -> Either String (AWSResponse a))
-> Logger
-> Service
-> Proxy a
-> ClientResponse ClientBody
-> m (Either Error (ClientResponse (AWSResponse a)))
Response.receiveJSON
      ( \Int
s ResponseHeaders
h Object
x ->
          Maybe Text
-> Maybe Text
-> Maybe Text
-> Maybe [ReplicationStatusType]
-> Int
-> CreateSecretResponse
CreateSecretResponse'
            (Maybe Text
 -> Maybe Text
 -> Maybe Text
 -> Maybe [ReplicationStatusType]
 -> Int
 -> CreateSecretResponse)
-> Either String (Maybe Text)
-> Either
     String
     (Maybe Text
      -> Maybe Text
      -> Maybe [ReplicationStatusType]
      -> Int
      -> CreateSecretResponse)
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> (Object
x Object -> Text -> Either String (Maybe Text)
forall a. FromJSON a => Object -> Text -> Either String (Maybe a)
Core..?> Text
"VersionId")
            Either
  String
  (Maybe Text
   -> Maybe Text
   -> Maybe [ReplicationStatusType]
   -> Int
   -> CreateSecretResponse)
-> Either String (Maybe Text)
-> Either
     String
     (Maybe Text
      -> Maybe [ReplicationStatusType] -> Int -> CreateSecretResponse)
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x Object -> Text -> Either String (Maybe Text)
forall a. FromJSON a => Object -> Text -> Either String (Maybe a)
Core..?> Text
"ARN")
            Either
  String
  (Maybe Text
   -> Maybe [ReplicationStatusType] -> Int -> CreateSecretResponse)
-> Either String (Maybe Text)
-> Either
     String
     (Maybe [ReplicationStatusType] -> Int -> CreateSecretResponse)
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x Object -> Text -> Either String (Maybe Text)
forall a. FromJSON a => Object -> Text -> Either String (Maybe a)
Core..?> Text
"Name")
            Either
  String
  (Maybe [ReplicationStatusType] -> Int -> CreateSecretResponse)
-> Either String (Maybe [ReplicationStatusType])
-> Either String (Int -> CreateSecretResponse)
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> ( Object
x Object
-> Text -> Either String (Maybe (Maybe [ReplicationStatusType]))
forall a. FromJSON a => Object -> Text -> Either String (Maybe a)
Core..?> Text
"ReplicationStatus"
                            Either String (Maybe (Maybe [ReplicationStatusType]))
-> Maybe [ReplicationStatusType]
-> Either String (Maybe [ReplicationStatusType])
forall (f :: * -> *) a. Functor f => f (Maybe a) -> a -> f a
Core..!@ Maybe [ReplicationStatusType]
forall a. Monoid a => a
Prelude.mempty
                        )
            Either String (Int -> CreateSecretResponse)
-> Either String Int -> Either String CreateSecretResponse
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Int -> Either String Int
forall (f :: * -> *) a. Applicative f => a -> f a
Prelude.pure (Int -> Int
forall a. Enum a => a -> Int
Prelude.fromEnum Int
s))
      )

instance Prelude.Hashable CreateSecret

instance Prelude.NFData CreateSecret

instance Core.ToHeaders CreateSecret where
  toHeaders :: CreateSecret -> ResponseHeaders
toHeaders =
    ResponseHeaders -> CreateSecret -> ResponseHeaders
forall a b. a -> b -> a
Prelude.const
      ( [ResponseHeaders] -> ResponseHeaders
forall a. Monoid a => [a] -> a
Prelude.mconcat
          [ HeaderName
"X-Amz-Target"
              HeaderName -> ByteString -> ResponseHeaders
forall a. ToHeader a => HeaderName -> a -> ResponseHeaders
Core.=# ( ByteString
"secretsmanager.CreateSecret" ::
                          Prelude.ByteString
                      ),
            HeaderName
"Content-Type"
              HeaderName -> ByteString -> ResponseHeaders
forall a. ToHeader a => HeaderName -> a -> ResponseHeaders
Core.=# ( ByteString
"application/x-amz-json-1.1" ::
                          Prelude.ByteString
                      )
          ]
      )

instance Core.ToJSON CreateSecret where
  toJSON :: CreateSecret -> Value
toJSON CreateSecret' {Maybe Bool
Maybe [Tag]
Maybe (NonEmpty ReplicaRegionType)
Maybe Text
Maybe (Sensitive Text)
Maybe (Sensitive Base64)
Text
name :: Text
tags :: Maybe [Tag]
description :: Maybe Text
clientRequestToken :: Maybe Text
secretString :: Maybe (Sensitive Text)
forceOverwriteReplicaSecret :: Maybe Bool
kmsKeyId :: Maybe Text
secretBinary :: Maybe (Sensitive Base64)
addReplicaRegions :: Maybe (NonEmpty ReplicaRegionType)
$sel:name:CreateSecret' :: CreateSecret -> Text
$sel:tags:CreateSecret' :: CreateSecret -> Maybe [Tag]
$sel:description:CreateSecret' :: CreateSecret -> Maybe Text
$sel:clientRequestToken:CreateSecret' :: CreateSecret -> Maybe Text
$sel:secretString:CreateSecret' :: CreateSecret -> Maybe (Sensitive Text)
$sel:forceOverwriteReplicaSecret:CreateSecret' :: CreateSecret -> Maybe Bool
$sel:kmsKeyId:CreateSecret' :: CreateSecret -> Maybe Text
$sel:secretBinary:CreateSecret' :: CreateSecret -> Maybe (Sensitive Base64)
$sel:addReplicaRegions:CreateSecret' :: CreateSecret -> Maybe (NonEmpty ReplicaRegionType)
..} =
    [Pair] -> Value
Core.object
      ( [Maybe Pair] -> [Pair]
forall a. [Maybe a] -> [a]
Prelude.catMaybes
          [ (Text
"AddReplicaRegions" Text -> NonEmpty ReplicaRegionType -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..=)
              (NonEmpty ReplicaRegionType -> Pair)
-> Maybe (NonEmpty ReplicaRegionType) -> Maybe Pair
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe (NonEmpty ReplicaRegionType)
addReplicaRegions,
            (Text
"SecretBinary" Text -> Sensitive Base64 -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..=) (Sensitive Base64 -> Pair)
-> Maybe (Sensitive Base64) -> Maybe Pair
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe (Sensitive Base64)
secretBinary,
            (Text
"KmsKeyId" Text -> Text -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..=) (Text -> Pair) -> Maybe Text -> Maybe Pair
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe Text
kmsKeyId,
            (Text
"ForceOverwriteReplicaSecret" Text -> Bool -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..=)
              (Bool -> Pair) -> Maybe Bool -> Maybe Pair
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe Bool
forceOverwriteReplicaSecret,
            (Text
"SecretString" Text -> Sensitive Text -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..=) (Sensitive Text -> Pair) -> Maybe (Sensitive Text) -> Maybe Pair
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe (Sensitive Text)
secretString,
            (Text
"ClientRequestToken" Text -> Text -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..=)
              (Text -> Pair) -> Maybe Text -> Maybe Pair
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe Text
clientRequestToken,
            (Text
"Description" Text -> Text -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..=) (Text -> Pair) -> Maybe Text -> Maybe Pair
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe Text
description,
            (Text
"Tags" Text -> [Tag] -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..=) ([Tag] -> Pair) -> Maybe [Tag] -> Maybe Pair
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe [Tag]
tags,
            Pair -> Maybe Pair
forall a. a -> Maybe a
Prelude.Just (Text
"Name" Text -> Text -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..= Text
name)
          ]
      )

instance Core.ToPath CreateSecret where
  toPath :: CreateSecret -> ByteString
toPath = ByteString -> CreateSecret -> ByteString
forall a b. a -> b -> a
Prelude.const ByteString
"/"

instance Core.ToQuery CreateSecret where
  toQuery :: CreateSecret -> QueryString
toQuery = QueryString -> CreateSecret -> QueryString
forall a b. a -> b -> a
Prelude.const QueryString
forall a. Monoid a => a
Prelude.mempty

-- | /See:/ 'newCreateSecretResponse' smart constructor.
data CreateSecretResponse = CreateSecretResponse'
  { -- | The unique identifier associated with the version of the secret you just
    -- created.
    CreateSecretResponse -> Maybe Text
versionId :: Prelude.Maybe Prelude.Text,
    -- | The Amazon Resource Name (ARN) of the secret that you just created.
    --
    -- Secrets Manager automatically adds several random characters to the name
    -- at the end of the ARN when you initially create a secret. This affects
    -- only the ARN and not the actual friendly name. This ensures that if you
    -- create a new secret with the same name as an old secret that you
    -- previously deleted, then users with access to the old secret /don\'t/
    -- automatically get access to the new secret because the ARNs are
    -- different.
    CreateSecretResponse -> Maybe Text
arn :: Prelude.Maybe Prelude.Text,
    -- | The friendly name of the secret that you just created.
    CreateSecretResponse -> Maybe Text
name :: Prelude.Maybe Prelude.Text,
    -- | Describes a list of replication status objects as @InProgress@, @Failed@
    -- or @InSync@.
    CreateSecretResponse -> Maybe [ReplicationStatusType]
replicationStatus :: Prelude.Maybe [ReplicationStatusType],
    -- | The response's http status code.
    CreateSecretResponse -> Int
httpStatus :: Prelude.Int
  }
  deriving (CreateSecretResponse -> CreateSecretResponse -> Bool
(CreateSecretResponse -> CreateSecretResponse -> Bool)
-> (CreateSecretResponse -> CreateSecretResponse -> Bool)
-> Eq CreateSecretResponse
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: CreateSecretResponse -> CreateSecretResponse -> Bool
$c/= :: CreateSecretResponse -> CreateSecretResponse -> Bool
== :: CreateSecretResponse -> CreateSecretResponse -> Bool
$c== :: CreateSecretResponse -> CreateSecretResponse -> Bool
Prelude.Eq, ReadPrec [CreateSecretResponse]
ReadPrec CreateSecretResponse
Int -> ReadS CreateSecretResponse
ReadS [CreateSecretResponse]
(Int -> ReadS CreateSecretResponse)
-> ReadS [CreateSecretResponse]
-> ReadPrec CreateSecretResponse
-> ReadPrec [CreateSecretResponse]
-> Read CreateSecretResponse
forall a.
(Int -> ReadS a)
-> ReadS [a] -> ReadPrec a -> ReadPrec [a] -> Read a
readListPrec :: ReadPrec [CreateSecretResponse]
$creadListPrec :: ReadPrec [CreateSecretResponse]
readPrec :: ReadPrec CreateSecretResponse
$creadPrec :: ReadPrec CreateSecretResponse
readList :: ReadS [CreateSecretResponse]
$creadList :: ReadS [CreateSecretResponse]
readsPrec :: Int -> ReadS CreateSecretResponse
$creadsPrec :: Int -> ReadS CreateSecretResponse
Prelude.Read, Int -> CreateSecretResponse -> ShowS
[CreateSecretResponse] -> ShowS
CreateSecretResponse -> String
(Int -> CreateSecretResponse -> ShowS)
-> (CreateSecretResponse -> String)
-> ([CreateSecretResponse] -> ShowS)
-> Show CreateSecretResponse
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [CreateSecretResponse] -> ShowS
$cshowList :: [CreateSecretResponse] -> ShowS
show :: CreateSecretResponse -> String
$cshow :: CreateSecretResponse -> String
showsPrec :: Int -> CreateSecretResponse -> ShowS
$cshowsPrec :: Int -> CreateSecretResponse -> ShowS
Prelude.Show, (forall x. CreateSecretResponse -> Rep CreateSecretResponse x)
-> (forall x. Rep CreateSecretResponse x -> CreateSecretResponse)
-> Generic CreateSecretResponse
forall x. Rep CreateSecretResponse x -> CreateSecretResponse
forall x. CreateSecretResponse -> Rep CreateSecretResponse x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x. Rep CreateSecretResponse x -> CreateSecretResponse
$cfrom :: forall x. CreateSecretResponse -> Rep CreateSecretResponse x
Prelude.Generic)

-- |
-- Create a value of 'CreateSecretResponse' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'versionId', 'createSecretResponse_versionId' - The unique identifier associated with the version of the secret you just
-- created.
--
-- 'arn', 'createSecretResponse_arn' - The Amazon Resource Name (ARN) of the secret that you just created.
--
-- Secrets Manager automatically adds several random characters to the name
-- at the end of the ARN when you initially create a secret. This affects
-- only the ARN and not the actual friendly name. This ensures that if you
-- create a new secret with the same name as an old secret that you
-- previously deleted, then users with access to the old secret /don\'t/
-- automatically get access to the new secret because the ARNs are
-- different.
--
-- 'name', 'createSecretResponse_name' - The friendly name of the secret that you just created.
--
-- 'replicationStatus', 'createSecretResponse_replicationStatus' - Describes a list of replication status objects as @InProgress@, @Failed@
-- or @InSync@.
--
-- 'httpStatus', 'createSecretResponse_httpStatus' - The response's http status code.
newCreateSecretResponse ::
  -- | 'httpStatus'
  Prelude.Int ->
  CreateSecretResponse
newCreateSecretResponse :: Int -> CreateSecretResponse
newCreateSecretResponse Int
pHttpStatus_ =
  CreateSecretResponse' :: Maybe Text
-> Maybe Text
-> Maybe Text
-> Maybe [ReplicationStatusType]
-> Int
-> CreateSecretResponse
CreateSecretResponse'
    { $sel:versionId:CreateSecretResponse' :: Maybe Text
versionId = Maybe Text
forall a. Maybe a
Prelude.Nothing,
      $sel:arn:CreateSecretResponse' :: Maybe Text
arn = Maybe Text
forall a. Maybe a
Prelude.Nothing,
      $sel:name:CreateSecretResponse' :: Maybe Text
name = Maybe Text
forall a. Maybe a
Prelude.Nothing,
      $sel:replicationStatus:CreateSecretResponse' :: Maybe [ReplicationStatusType]
replicationStatus = Maybe [ReplicationStatusType]
forall a. Maybe a
Prelude.Nothing,
      $sel:httpStatus:CreateSecretResponse' :: Int
httpStatus = Int
pHttpStatus_
    }

-- | The unique identifier associated with the version of the secret you just
-- created.
createSecretResponse_versionId :: Lens.Lens' CreateSecretResponse (Prelude.Maybe Prelude.Text)
createSecretResponse_versionId :: (Maybe Text -> f (Maybe Text))
-> CreateSecretResponse -> f CreateSecretResponse
createSecretResponse_versionId = (CreateSecretResponse -> Maybe Text)
-> (CreateSecretResponse -> Maybe Text -> CreateSecretResponse)
-> Lens
     CreateSecretResponse CreateSecretResponse (Maybe Text) (Maybe Text)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\CreateSecretResponse' {Maybe Text
versionId :: Maybe Text
$sel:versionId:CreateSecretResponse' :: CreateSecretResponse -> Maybe Text
versionId} -> Maybe Text
versionId) (\s :: CreateSecretResponse
s@CreateSecretResponse' {} Maybe Text
a -> CreateSecretResponse
s {$sel:versionId:CreateSecretResponse' :: Maybe Text
versionId = Maybe Text
a} :: CreateSecretResponse)

-- | The Amazon Resource Name (ARN) of the secret that you just created.
--
-- Secrets Manager automatically adds several random characters to the name
-- at the end of the ARN when you initially create a secret. This affects
-- only the ARN and not the actual friendly name. This ensures that if you
-- create a new secret with the same name as an old secret that you
-- previously deleted, then users with access to the old secret /don\'t/
-- automatically get access to the new secret because the ARNs are
-- different.
createSecretResponse_arn :: Lens.Lens' CreateSecretResponse (Prelude.Maybe Prelude.Text)
createSecretResponse_arn :: (Maybe Text -> f (Maybe Text))
-> CreateSecretResponse -> f CreateSecretResponse
createSecretResponse_arn = (CreateSecretResponse -> Maybe Text)
-> (CreateSecretResponse -> Maybe Text -> CreateSecretResponse)
-> Lens
     CreateSecretResponse CreateSecretResponse (Maybe Text) (Maybe Text)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\CreateSecretResponse' {Maybe Text
arn :: Maybe Text
$sel:arn:CreateSecretResponse' :: CreateSecretResponse -> Maybe Text
arn} -> Maybe Text
arn) (\s :: CreateSecretResponse
s@CreateSecretResponse' {} Maybe Text
a -> CreateSecretResponse
s {$sel:arn:CreateSecretResponse' :: Maybe Text
arn = Maybe Text
a} :: CreateSecretResponse)

-- | The friendly name of the secret that you just created.
createSecretResponse_name :: Lens.Lens' CreateSecretResponse (Prelude.Maybe Prelude.Text)
createSecretResponse_name :: (Maybe Text -> f (Maybe Text))
-> CreateSecretResponse -> f CreateSecretResponse
createSecretResponse_name = (CreateSecretResponse -> Maybe Text)
-> (CreateSecretResponse -> Maybe Text -> CreateSecretResponse)
-> Lens
     CreateSecretResponse CreateSecretResponse (Maybe Text) (Maybe Text)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\CreateSecretResponse' {Maybe Text
name :: Maybe Text
$sel:name:CreateSecretResponse' :: CreateSecretResponse -> Maybe Text
name} -> Maybe Text
name) (\s :: CreateSecretResponse
s@CreateSecretResponse' {} Maybe Text
a -> CreateSecretResponse
s {$sel:name:CreateSecretResponse' :: Maybe Text
name = Maybe Text
a} :: CreateSecretResponse)

-- | Describes a list of replication status objects as @InProgress@, @Failed@
-- or @InSync@.
createSecretResponse_replicationStatus :: Lens.Lens' CreateSecretResponse (Prelude.Maybe [ReplicationStatusType])
createSecretResponse_replicationStatus :: (Maybe [ReplicationStatusType]
 -> f (Maybe [ReplicationStatusType]))
-> CreateSecretResponse -> f CreateSecretResponse
createSecretResponse_replicationStatus = (CreateSecretResponse -> Maybe [ReplicationStatusType])
-> (CreateSecretResponse
    -> Maybe [ReplicationStatusType] -> CreateSecretResponse)
-> Lens
     CreateSecretResponse
     CreateSecretResponse
     (Maybe [ReplicationStatusType])
     (Maybe [ReplicationStatusType])
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\CreateSecretResponse' {Maybe [ReplicationStatusType]
replicationStatus :: Maybe [ReplicationStatusType]
$sel:replicationStatus:CreateSecretResponse' :: CreateSecretResponse -> Maybe [ReplicationStatusType]
replicationStatus} -> Maybe [ReplicationStatusType]
replicationStatus) (\s :: CreateSecretResponse
s@CreateSecretResponse' {} Maybe [ReplicationStatusType]
a -> CreateSecretResponse
s {$sel:replicationStatus:CreateSecretResponse' :: Maybe [ReplicationStatusType]
replicationStatus = Maybe [ReplicationStatusType]
a} :: CreateSecretResponse) ((Maybe [ReplicationStatusType]
  -> f (Maybe [ReplicationStatusType]))
 -> CreateSecretResponse -> f CreateSecretResponse)
-> ((Maybe [ReplicationStatusType]
     -> f (Maybe [ReplicationStatusType]))
    -> Maybe [ReplicationStatusType]
    -> f (Maybe [ReplicationStatusType]))
-> (Maybe [ReplicationStatusType]
    -> f (Maybe [ReplicationStatusType]))
-> CreateSecretResponse
-> f CreateSecretResponse
forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. AnIso
  [ReplicationStatusType]
  [ReplicationStatusType]
  [ReplicationStatusType]
  [ReplicationStatusType]
-> Iso
     (Maybe [ReplicationStatusType])
     (Maybe [ReplicationStatusType])
     (Maybe [ReplicationStatusType])
     (Maybe [ReplicationStatusType])
forall (f :: * -> *) (g :: * -> *) s t a b.
(Functor f, Functor g) =>
AnIso s t a b -> Iso (f s) (g t) (f a) (g b)
Lens.mapping AnIso
  [ReplicationStatusType]
  [ReplicationStatusType]
  [ReplicationStatusType]
  [ReplicationStatusType]
forall s t a b. (Coercible s a, Coercible t b) => Iso s t a b
Lens.coerced

-- | The response's http status code.
createSecretResponse_httpStatus :: Lens.Lens' CreateSecretResponse Prelude.Int
createSecretResponse_httpStatus :: (Int -> f Int) -> CreateSecretResponse -> f CreateSecretResponse
createSecretResponse_httpStatus = (CreateSecretResponse -> Int)
-> (CreateSecretResponse -> Int -> CreateSecretResponse)
-> Lens CreateSecretResponse CreateSecretResponse Int Int
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\CreateSecretResponse' {Int
httpStatus :: Int
$sel:httpStatus:CreateSecretResponse' :: CreateSecretResponse -> Int
httpStatus} -> Int
httpStatus) (\s :: CreateSecretResponse
s@CreateSecretResponse' {} Int
a -> CreateSecretResponse
s {$sel:httpStatus:CreateSecretResponse' :: Int
httpStatus = Int
a} :: CreateSecretResponse)

instance Prelude.NFData CreateSecretResponse