{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE TypeFamilies #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-binds #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.KMS.RevokeGrant
-- Copyright   : (c) 2013-2023 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
--
-- Deletes the specified grant. You revoke a grant to terminate the
-- permissions that the grant allows. For more information, see
-- <https://docs.aws.amazon.com/kms/latest/developerguide/managing-grants.html#grant-delete Retiring and revoking grants>
-- in the //Key Management Service Developer Guide// .
--
-- When you create, retire, or revoke a grant, there might be a brief
-- delay, usually less than five minutes, until the grant is available
-- throughout KMS. This state is known as /eventual consistency/. For
-- details, see
-- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#terms-eventual-consistency Eventual consistency>
-- in the //Key Management Service Developer Guide// .
--
-- For detailed information about grants, including grant terminology, see
-- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html Grants in KMS>
-- in the //Key Management Service Developer Guide// . For examples of
-- working with grants in several programming languages, see
-- <https://docs.aws.amazon.com/kms/latest/developerguide/programming-grants.html Programming grants>.
--
-- __Cross-account use__: Yes. To perform this operation on a KMS key in a
-- different Amazon Web Services account, specify the key ARN in the value
-- of the @KeyId@ parameter.
--
-- __Required permissions__:
-- <https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html kms:RevokeGrant>
-- (key policy).
--
-- __Related operations:__
--
-- -   CreateGrant
--
-- -   ListGrants
--
-- -   ListRetirableGrants
--
-- -   RetireGrant
module Amazonka.KMS.RevokeGrant
  ( -- * Creating a Request
    RevokeGrant (..),
    newRevokeGrant,

    -- * Request Lenses
    revokeGrant_keyId,
    revokeGrant_grantId,

    -- * Destructuring the Response
    RevokeGrantResponse (..),
    newRevokeGrantResponse,
  )
where

import qualified Amazonka.Core as Core
import qualified Amazonka.Core.Lens.Internal as Lens
import qualified Amazonka.Data as Data
import Amazonka.KMS.Types
import qualified Amazonka.Prelude as Prelude
import qualified Amazonka.Request as Request
import qualified Amazonka.Response as Response

-- | /See:/ 'newRevokeGrant' smart constructor.
data RevokeGrant = RevokeGrant'
  { -- | A unique identifier for the KMS key associated with the grant. To get
    -- the key ID and key ARN for a KMS key, use ListKeys or DescribeKey.
    --
    -- Specify the key ID or key ARN of the KMS key. To specify a KMS key in a
    -- different Amazon Web Services account, you must use the key ARN.
    --
    -- For example:
    --
    -- -   Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@
    --
    -- -   Key ARN:
    --     @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@
    --
    -- To get the key ID and key ARN for a KMS key, use ListKeys or
    -- DescribeKey.
    RevokeGrant -> Text
keyId :: Prelude.Text,
    -- | Identifies the grant to revoke. To get the grant ID, use CreateGrant,
    -- ListGrants, or ListRetirableGrants.
    RevokeGrant -> Text
grantId :: Prelude.Text
  }
  deriving (RevokeGrant -> RevokeGrant -> Bool
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: RevokeGrant -> RevokeGrant -> Bool
$c/= :: RevokeGrant -> RevokeGrant -> Bool
== :: RevokeGrant -> RevokeGrant -> Bool
$c== :: RevokeGrant -> RevokeGrant -> Bool
Prelude.Eq, ReadPrec [RevokeGrant]
ReadPrec RevokeGrant
Int -> ReadS RevokeGrant
ReadS [RevokeGrant]
forall a.
(Int -> ReadS a)
-> ReadS [a] -> ReadPrec a -> ReadPrec [a] -> Read a
readListPrec :: ReadPrec [RevokeGrant]
$creadListPrec :: ReadPrec [RevokeGrant]
readPrec :: ReadPrec RevokeGrant
$creadPrec :: ReadPrec RevokeGrant
readList :: ReadS [RevokeGrant]
$creadList :: ReadS [RevokeGrant]
readsPrec :: Int -> ReadS RevokeGrant
$creadsPrec :: Int -> ReadS RevokeGrant
Prelude.Read, Int -> RevokeGrant -> ShowS
[RevokeGrant] -> ShowS
RevokeGrant -> String
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [RevokeGrant] -> ShowS
$cshowList :: [RevokeGrant] -> ShowS
show :: RevokeGrant -> String
$cshow :: RevokeGrant -> String
showsPrec :: Int -> RevokeGrant -> ShowS
$cshowsPrec :: Int -> RevokeGrant -> ShowS
Prelude.Show, forall x. Rep RevokeGrant x -> RevokeGrant
forall x. RevokeGrant -> Rep RevokeGrant x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x. Rep RevokeGrant x -> RevokeGrant
$cfrom :: forall x. RevokeGrant -> Rep RevokeGrant x
Prelude.Generic)

-- |
-- Create a value of 'RevokeGrant' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'keyId', 'revokeGrant_keyId' - A unique identifier for the KMS key associated with the grant. To get
-- the key ID and key ARN for a KMS key, use ListKeys or DescribeKey.
--
-- Specify the key ID or key ARN of the KMS key. To specify a KMS key in a
-- different Amazon Web Services account, you must use the key ARN.
--
-- For example:
--
-- -   Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@
--
-- -   Key ARN:
--     @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@
--
-- To get the key ID and key ARN for a KMS key, use ListKeys or
-- DescribeKey.
--
-- 'grantId', 'revokeGrant_grantId' - Identifies the grant to revoke. To get the grant ID, use CreateGrant,
-- ListGrants, or ListRetirableGrants.
newRevokeGrant ::
  -- | 'keyId'
  Prelude.Text ->
  -- | 'grantId'
  Prelude.Text ->
  RevokeGrant
newRevokeGrant :: Text -> Text -> RevokeGrant
newRevokeGrant Text
pKeyId_ Text
pGrantId_ =
  RevokeGrant' {$sel:keyId:RevokeGrant' :: Text
keyId = Text
pKeyId_, $sel:grantId:RevokeGrant' :: Text
grantId = Text
pGrantId_}

-- | A unique identifier for the KMS key associated with the grant. To get
-- the key ID and key ARN for a KMS key, use ListKeys or DescribeKey.
--
-- Specify the key ID or key ARN of the KMS key. To specify a KMS key in a
-- different Amazon Web Services account, you must use the key ARN.
--
-- For example:
--
-- -   Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@
--
-- -   Key ARN:
--     @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@
--
-- To get the key ID and key ARN for a KMS key, use ListKeys or
-- DescribeKey.
revokeGrant_keyId :: Lens.Lens' RevokeGrant Prelude.Text
revokeGrant_keyId :: Lens' RevokeGrant Text
revokeGrant_keyId = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\RevokeGrant' {Text
keyId :: Text
$sel:keyId:RevokeGrant' :: RevokeGrant -> Text
keyId} -> Text
keyId) (\s :: RevokeGrant
s@RevokeGrant' {} Text
a -> RevokeGrant
s {$sel:keyId:RevokeGrant' :: Text
keyId = Text
a} :: RevokeGrant)

-- | Identifies the grant to revoke. To get the grant ID, use CreateGrant,
-- ListGrants, or ListRetirableGrants.
revokeGrant_grantId :: Lens.Lens' RevokeGrant Prelude.Text
revokeGrant_grantId :: Lens' RevokeGrant Text
revokeGrant_grantId = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\RevokeGrant' {Text
grantId :: Text
$sel:grantId:RevokeGrant' :: RevokeGrant -> Text
grantId} -> Text
grantId) (\s :: RevokeGrant
s@RevokeGrant' {} Text
a -> RevokeGrant
s {$sel:grantId:RevokeGrant' :: Text
grantId = Text
a} :: RevokeGrant)

instance Core.AWSRequest RevokeGrant where
  type AWSResponse RevokeGrant = RevokeGrantResponse
  request :: (Service -> Service) -> RevokeGrant -> Request RevokeGrant
request Service -> Service
overrides =
    forall a. (ToRequest a, ToJSON a) => Service -> a -> Request a
Request.postJSON (Service -> Service
overrides Service
defaultService)
  response :: forall (m :: * -> *).
MonadResource m =>
(ByteStringLazy -> IO ByteStringLazy)
-> Service
-> Proxy RevokeGrant
-> ClientResponse ClientBody
-> m (Either Error (ClientResponse (AWSResponse RevokeGrant)))
response = forall (m :: * -> *) a.
MonadResource m =>
AWSResponse a
-> (ByteStringLazy -> IO ByteStringLazy)
-> Service
-> Proxy a
-> ClientResponse ClientBody
-> m (Either Error (ClientResponse (AWSResponse a)))
Response.receiveNull RevokeGrantResponse
RevokeGrantResponse'

instance Prelude.Hashable RevokeGrant where
  hashWithSalt :: Int -> RevokeGrant -> Int
hashWithSalt Int
_salt RevokeGrant' {Text
grantId :: Text
keyId :: Text
$sel:grantId:RevokeGrant' :: RevokeGrant -> Text
$sel:keyId:RevokeGrant' :: RevokeGrant -> Text
..} =
    Int
_salt
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Text
keyId
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Text
grantId

instance Prelude.NFData RevokeGrant where
  rnf :: RevokeGrant -> ()
rnf RevokeGrant' {Text
grantId :: Text
keyId :: Text
$sel:grantId:RevokeGrant' :: RevokeGrant -> Text
$sel:keyId:RevokeGrant' :: RevokeGrant -> Text
..} =
    forall a. NFData a => a -> ()
Prelude.rnf Text
keyId seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf Text
grantId

instance Data.ToHeaders RevokeGrant where
  toHeaders :: RevokeGrant -> [Header]
toHeaders =
    forall a b. a -> b -> a
Prelude.const
      ( forall a. Monoid a => [a] -> a
Prelude.mconcat
          [ HeaderName
"X-Amz-Target"
              forall a. ToHeader a => HeaderName -> a -> [Header]
Data.=# (ByteString
"TrentService.RevokeGrant" :: Prelude.ByteString),
            HeaderName
"Content-Type"
              forall a. ToHeader a => HeaderName -> a -> [Header]
Data.=# ( ByteString
"application/x-amz-json-1.1" ::
                          Prelude.ByteString
                      )
          ]
      )

instance Data.ToJSON RevokeGrant where
  toJSON :: RevokeGrant -> Value
toJSON RevokeGrant' {Text
grantId :: Text
keyId :: Text
$sel:grantId:RevokeGrant' :: RevokeGrant -> Text
$sel:keyId:RevokeGrant' :: RevokeGrant -> Text
..} =
    [Pair] -> Value
Data.object
      ( forall a. [Maybe a] -> [a]
Prelude.catMaybes
          [ forall a. a -> Maybe a
Prelude.Just (Key
"KeyId" forall kv v. (KeyValue kv, ToJSON v) => Key -> v -> kv
Data..= Text
keyId),
            forall a. a -> Maybe a
Prelude.Just (Key
"GrantId" forall kv v. (KeyValue kv, ToJSON v) => Key -> v -> kv
Data..= Text
grantId)
          ]
      )

instance Data.ToPath RevokeGrant where
  toPath :: RevokeGrant -> ByteString
toPath = forall a b. a -> b -> a
Prelude.const ByteString
"/"

instance Data.ToQuery RevokeGrant where
  toQuery :: RevokeGrant -> QueryString
toQuery = forall a b. a -> b -> a
Prelude.const forall a. Monoid a => a
Prelude.mempty

-- | /See:/ 'newRevokeGrantResponse' smart constructor.
data RevokeGrantResponse = RevokeGrantResponse'
  {
  }
  deriving (RevokeGrantResponse -> RevokeGrantResponse -> Bool
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: RevokeGrantResponse -> RevokeGrantResponse -> Bool
$c/= :: RevokeGrantResponse -> RevokeGrantResponse -> Bool
== :: RevokeGrantResponse -> RevokeGrantResponse -> Bool
$c== :: RevokeGrantResponse -> RevokeGrantResponse -> Bool
Prelude.Eq, ReadPrec [RevokeGrantResponse]
ReadPrec RevokeGrantResponse
Int -> ReadS RevokeGrantResponse
ReadS [RevokeGrantResponse]
forall a.
(Int -> ReadS a)
-> ReadS [a] -> ReadPrec a -> ReadPrec [a] -> Read a
readListPrec :: ReadPrec [RevokeGrantResponse]
$creadListPrec :: ReadPrec [RevokeGrantResponse]
readPrec :: ReadPrec RevokeGrantResponse
$creadPrec :: ReadPrec RevokeGrantResponse
readList :: ReadS [RevokeGrantResponse]
$creadList :: ReadS [RevokeGrantResponse]
readsPrec :: Int -> ReadS RevokeGrantResponse
$creadsPrec :: Int -> ReadS RevokeGrantResponse
Prelude.Read, Int -> RevokeGrantResponse -> ShowS
[RevokeGrantResponse] -> ShowS
RevokeGrantResponse -> String
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [RevokeGrantResponse] -> ShowS
$cshowList :: [RevokeGrantResponse] -> ShowS
show :: RevokeGrantResponse -> String
$cshow :: RevokeGrantResponse -> String
showsPrec :: Int -> RevokeGrantResponse -> ShowS
$cshowsPrec :: Int -> RevokeGrantResponse -> ShowS
Prelude.Show, forall x. Rep RevokeGrantResponse x -> RevokeGrantResponse
forall x. RevokeGrantResponse -> Rep RevokeGrantResponse x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x. Rep RevokeGrantResponse x -> RevokeGrantResponse
$cfrom :: forall x. RevokeGrantResponse -> Rep RevokeGrantResponse x
Prelude.Generic)

-- |
-- Create a value of 'RevokeGrantResponse' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
newRevokeGrantResponse ::
  RevokeGrantResponse
newRevokeGrantResponse :: RevokeGrantResponse
newRevokeGrantResponse = RevokeGrantResponse
RevokeGrantResponse'

instance Prelude.NFData RevokeGrantResponse where
  rnf :: RevokeGrantResponse -> ()
rnf RevokeGrantResponse
_ = ()