amazonka-kms 1.3.3.1 → 1.3.4
raw patch · 34 files changed
+1084/−322 lines, 34 filesdep ~amazonka-coredep ~amazonka-kmsdep ~amazonka-testPVP: major bump suggested
API removals or changes: PVP suggests a major version bump
Dependency ranges changed: amazonka-core, amazonka-kms, amazonka-test
API changes (from Hackage documentation)
- Network.AWS.KMS.Decrypt: dCiphertextBlob :: Lens' Decrypt ByteString
- Network.AWS.KMS.Decrypt: dEncryptionContext :: Lens' Decrypt (HashMap Text Text)
- Network.AWS.KMS.Decrypt: dGrantTokens :: Lens' Decrypt [Text]
- Network.AWS.KMS.ListGrants: instance Data.Data.Data Network.AWS.KMS.ListGrants.ListGrantsResponse
- Network.AWS.KMS.ListGrants: instance GHC.Classes.Eq Network.AWS.KMS.ListGrants.ListGrantsResponse
- Network.AWS.KMS.ListGrants: instance GHC.Generics.Constructor Network.AWS.KMS.ListGrants.C1_0ListGrantsResponse
- Network.AWS.KMS.ListGrants: instance GHC.Generics.Datatype Network.AWS.KMS.ListGrants.D1ListGrantsResponse
- Network.AWS.KMS.ListGrants: instance GHC.Generics.Generic Network.AWS.KMS.ListGrants.ListGrantsResponse
- Network.AWS.KMS.ListGrants: instance GHC.Generics.Selector Network.AWS.KMS.ListGrants.S1_0_0ListGrantsResponse
- Network.AWS.KMS.ListGrants: instance GHC.Generics.Selector Network.AWS.KMS.ListGrants.S1_0_1ListGrantsResponse
- Network.AWS.KMS.ListGrants: instance GHC.Generics.Selector Network.AWS.KMS.ListGrants.S1_0_2ListGrantsResponse
- Network.AWS.KMS.ListGrants: instance GHC.Generics.Selector Network.AWS.KMS.ListGrants.S1_0_3ListGrantsResponse
- Network.AWS.KMS.ListGrants: instance GHC.Read.Read Network.AWS.KMS.ListGrants.ListGrantsResponse
- Network.AWS.KMS.ListGrants: instance GHC.Show.Show Network.AWS.KMS.ListGrants.ListGrantsResponse
- Network.AWS.KMS.ListGrants: lgrsGrants :: Lens' ListGrantsResponse [GrantListEntry]
- Network.AWS.KMS.ListGrants: lgrsNextMarker :: Lens' ListGrantsResponse (Maybe Text)
- Network.AWS.KMS.ListGrants: lgrsResponseStatus :: Lens' ListGrantsResponse Int
- Network.AWS.KMS.ListGrants: lgrsTruncated :: Lens' ListGrantsResponse (Maybe Bool)
+ Network.AWS.KMS: DescribeKey :: GrantOperation
+ Network.AWS.KMS: Disabled :: KeyState
+ Network.AWS.KMS: Enabled :: KeyState
+ Network.AWS.KMS: PendingDeletion :: KeyState
+ Network.AWS.KMS: _InvalidGrantIdException :: AsError a => Getting (First ServiceError) a ServiceError
+ Network.AWS.KMS: _KMSInvalidStateException :: AsError a => Getting (First ServiceError) a ServiceError
+ Network.AWS.KMS: data KeyState
+ Network.AWS.KMS: data ListGrantsResponse
+ Network.AWS.KMS: gleCreationDate :: Lens' GrantListEntry (Maybe UTCTime)
+ Network.AWS.KMS: gleKeyId :: Lens' GrantListEntry (Maybe Text)
+ Network.AWS.KMS: gleName :: Lens' GrantListEntry (Maybe Text)
+ Network.AWS.KMS: kmDeletionDate :: Lens' KeyMetadata (Maybe UTCTime)
+ Network.AWS.KMS: kmKeyState :: Lens' KeyMetadata (Maybe KeyState)
+ Network.AWS.KMS: lgGrants :: Lens' ListGrantsResponse [GrantListEntry]
+ Network.AWS.KMS: lgNextMarker :: Lens' ListGrantsResponse (Maybe Text)
+ Network.AWS.KMS: lgTruncated :: Lens' ListGrantsResponse (Maybe Bool)
+ Network.AWS.KMS: listGrantsResponse :: ListGrantsResponse
+ Network.AWS.KMS.CancelKeyDeletion: cancelKeyDeletion :: Text -> CancelKeyDeletion
+ Network.AWS.KMS.CancelKeyDeletion: cancelKeyDeletionResponse :: Int -> CancelKeyDeletionResponse
+ Network.AWS.KMS.CancelKeyDeletion: ckdKeyId :: Lens' CancelKeyDeletion Text
+ Network.AWS.KMS.CancelKeyDeletion: ckdrsKeyId :: Lens' CancelKeyDeletionResponse (Maybe Text)
+ Network.AWS.KMS.CancelKeyDeletion: ckdrsResponseStatus :: Lens' CancelKeyDeletionResponse Int
+ Network.AWS.KMS.CancelKeyDeletion: data CancelKeyDeletion
+ Network.AWS.KMS.CancelKeyDeletion: data CancelKeyDeletionResponse
+ Network.AWS.KMS.CancelKeyDeletion: instance Data.Aeson.Types.Class.ToJSON Network.AWS.KMS.CancelKeyDeletion.CancelKeyDeletion
+ Network.AWS.KMS.CancelKeyDeletion: instance Data.Data.Data Network.AWS.KMS.CancelKeyDeletion.CancelKeyDeletion
+ Network.AWS.KMS.CancelKeyDeletion: instance Data.Data.Data Network.AWS.KMS.CancelKeyDeletion.CancelKeyDeletionResponse
+ Network.AWS.KMS.CancelKeyDeletion: instance GHC.Classes.Eq Network.AWS.KMS.CancelKeyDeletion.CancelKeyDeletion
+ Network.AWS.KMS.CancelKeyDeletion: instance GHC.Classes.Eq Network.AWS.KMS.CancelKeyDeletion.CancelKeyDeletionResponse
+ Network.AWS.KMS.CancelKeyDeletion: instance GHC.Generics.Constructor Network.AWS.KMS.CancelKeyDeletion.C1_0CancelKeyDeletion
+ Network.AWS.KMS.CancelKeyDeletion: instance GHC.Generics.Constructor Network.AWS.KMS.CancelKeyDeletion.C1_0CancelKeyDeletionResponse
+ Network.AWS.KMS.CancelKeyDeletion: instance GHC.Generics.Datatype Network.AWS.KMS.CancelKeyDeletion.D1CancelKeyDeletion
+ Network.AWS.KMS.CancelKeyDeletion: instance GHC.Generics.Datatype Network.AWS.KMS.CancelKeyDeletion.D1CancelKeyDeletionResponse
+ Network.AWS.KMS.CancelKeyDeletion: instance GHC.Generics.Generic Network.AWS.KMS.CancelKeyDeletion.CancelKeyDeletion
+ Network.AWS.KMS.CancelKeyDeletion: instance GHC.Generics.Generic Network.AWS.KMS.CancelKeyDeletion.CancelKeyDeletionResponse
+ Network.AWS.KMS.CancelKeyDeletion: instance GHC.Generics.Selector Network.AWS.KMS.CancelKeyDeletion.S1_0_0CancelKeyDeletion
+ Network.AWS.KMS.CancelKeyDeletion: instance GHC.Generics.Selector Network.AWS.KMS.CancelKeyDeletion.S1_0_0CancelKeyDeletionResponse
+ Network.AWS.KMS.CancelKeyDeletion: instance GHC.Generics.Selector Network.AWS.KMS.CancelKeyDeletion.S1_0_1CancelKeyDeletionResponse
+ Network.AWS.KMS.CancelKeyDeletion: instance GHC.Read.Read Network.AWS.KMS.CancelKeyDeletion.CancelKeyDeletion
+ Network.AWS.KMS.CancelKeyDeletion: instance GHC.Read.Read Network.AWS.KMS.CancelKeyDeletion.CancelKeyDeletionResponse
+ Network.AWS.KMS.CancelKeyDeletion: instance GHC.Show.Show Network.AWS.KMS.CancelKeyDeletion.CancelKeyDeletion
+ Network.AWS.KMS.CancelKeyDeletion: instance GHC.Show.Show Network.AWS.KMS.CancelKeyDeletion.CancelKeyDeletionResponse
+ Network.AWS.KMS.CancelKeyDeletion: instance Network.AWS.Data.Headers.ToHeaders Network.AWS.KMS.CancelKeyDeletion.CancelKeyDeletion
+ Network.AWS.KMS.CancelKeyDeletion: instance Network.AWS.Data.Path.ToPath Network.AWS.KMS.CancelKeyDeletion.CancelKeyDeletion
+ Network.AWS.KMS.CancelKeyDeletion: instance Network.AWS.Data.Query.ToQuery Network.AWS.KMS.CancelKeyDeletion.CancelKeyDeletion
+ Network.AWS.KMS.CancelKeyDeletion: instance Network.AWS.Types.AWSRequest Network.AWS.KMS.CancelKeyDeletion.CancelKeyDeletion
+ Network.AWS.KMS.CreateGrant: cgName :: Lens' CreateGrant (Maybe Text)
+ Network.AWS.KMS.CreateGrant: instance GHC.Generics.Selector Network.AWS.KMS.CreateGrant.S1_0_6CreateGrant
+ Network.AWS.KMS.Decrypt: decCiphertextBlob :: Lens' Decrypt ByteString
+ Network.AWS.KMS.Decrypt: decEncryptionContext :: Lens' Decrypt (HashMap Text Text)
+ Network.AWS.KMS.Decrypt: decGrantTokens :: Lens' Decrypt [Text]
+ Network.AWS.KMS.DescribeKey: dGrantTokens :: Lens' DescribeKey [Text]
+ Network.AWS.KMS.DescribeKey: instance GHC.Generics.Selector Network.AWS.KMS.DescribeKey.S1_0_1DescribeKey
+ Network.AWS.KMS.ListGrants: lgGrants :: Lens' ListGrantsResponse [GrantListEntry]
+ Network.AWS.KMS.ListGrants: lgNextMarker :: Lens' ListGrantsResponse (Maybe Text)
+ Network.AWS.KMS.ListGrants: lgTruncated :: Lens' ListGrantsResponse (Maybe Bool)
+ Network.AWS.KMS.ListRetirableGrants: data ListGrantsResponse
+ Network.AWS.KMS.ListRetirableGrants: data ListRetirableGrants
+ Network.AWS.KMS.ListRetirableGrants: instance Data.Aeson.Types.Class.ToJSON Network.AWS.KMS.ListRetirableGrants.ListRetirableGrants
+ Network.AWS.KMS.ListRetirableGrants: instance Data.Data.Data Network.AWS.KMS.ListRetirableGrants.ListRetirableGrants
+ Network.AWS.KMS.ListRetirableGrants: instance GHC.Classes.Eq Network.AWS.KMS.ListRetirableGrants.ListRetirableGrants
+ Network.AWS.KMS.ListRetirableGrants: instance GHC.Generics.Constructor Network.AWS.KMS.ListRetirableGrants.C1_0ListRetirableGrants
+ Network.AWS.KMS.ListRetirableGrants: instance GHC.Generics.Datatype Network.AWS.KMS.ListRetirableGrants.D1ListRetirableGrants
+ Network.AWS.KMS.ListRetirableGrants: instance GHC.Generics.Generic Network.AWS.KMS.ListRetirableGrants.ListRetirableGrants
+ Network.AWS.KMS.ListRetirableGrants: instance GHC.Generics.Selector Network.AWS.KMS.ListRetirableGrants.S1_0_0ListRetirableGrants
+ Network.AWS.KMS.ListRetirableGrants: instance GHC.Generics.Selector Network.AWS.KMS.ListRetirableGrants.S1_0_1ListRetirableGrants
+ Network.AWS.KMS.ListRetirableGrants: instance GHC.Generics.Selector Network.AWS.KMS.ListRetirableGrants.S1_0_2ListRetirableGrants
+ Network.AWS.KMS.ListRetirableGrants: instance GHC.Read.Read Network.AWS.KMS.ListRetirableGrants.ListRetirableGrants
+ Network.AWS.KMS.ListRetirableGrants: instance GHC.Show.Show Network.AWS.KMS.ListRetirableGrants.ListRetirableGrants
+ Network.AWS.KMS.ListRetirableGrants: instance Network.AWS.Data.Headers.ToHeaders Network.AWS.KMS.ListRetirableGrants.ListRetirableGrants
+ Network.AWS.KMS.ListRetirableGrants: instance Network.AWS.Data.Path.ToPath Network.AWS.KMS.ListRetirableGrants.ListRetirableGrants
+ Network.AWS.KMS.ListRetirableGrants: instance Network.AWS.Data.Query.ToQuery Network.AWS.KMS.ListRetirableGrants.ListRetirableGrants
+ Network.AWS.KMS.ListRetirableGrants: instance Network.AWS.Types.AWSRequest Network.AWS.KMS.ListRetirableGrants.ListRetirableGrants
+ Network.AWS.KMS.ListRetirableGrants: lgGrants :: Lens' ListGrantsResponse [GrantListEntry]
+ Network.AWS.KMS.ListRetirableGrants: lgNextMarker :: Lens' ListGrantsResponse (Maybe Text)
+ Network.AWS.KMS.ListRetirableGrants: lgTruncated :: Lens' ListGrantsResponse (Maybe Bool)
+ Network.AWS.KMS.ListRetirableGrants: listGrantsResponse :: ListGrantsResponse
+ Network.AWS.KMS.ListRetirableGrants: listRetirableGrants :: Text -> ListRetirableGrants
+ Network.AWS.KMS.ListRetirableGrants: lrgLimit :: Lens' ListRetirableGrants (Maybe Natural)
+ Network.AWS.KMS.ListRetirableGrants: lrgMarker :: Lens' ListRetirableGrants (Maybe Text)
+ Network.AWS.KMS.ListRetirableGrants: lrgRetiringPrincipal :: Lens' ListRetirableGrants Text
+ Network.AWS.KMS.ScheduleKeyDeletion: data ScheduleKeyDeletion
+ Network.AWS.KMS.ScheduleKeyDeletion: data ScheduleKeyDeletionResponse
+ Network.AWS.KMS.ScheduleKeyDeletion: instance Data.Aeson.Types.Class.ToJSON Network.AWS.KMS.ScheduleKeyDeletion.ScheduleKeyDeletion
+ Network.AWS.KMS.ScheduleKeyDeletion: instance Data.Data.Data Network.AWS.KMS.ScheduleKeyDeletion.ScheduleKeyDeletion
+ Network.AWS.KMS.ScheduleKeyDeletion: instance Data.Data.Data Network.AWS.KMS.ScheduleKeyDeletion.ScheduleKeyDeletionResponse
+ Network.AWS.KMS.ScheduleKeyDeletion: instance GHC.Classes.Eq Network.AWS.KMS.ScheduleKeyDeletion.ScheduleKeyDeletion
+ Network.AWS.KMS.ScheduleKeyDeletion: instance GHC.Classes.Eq Network.AWS.KMS.ScheduleKeyDeletion.ScheduleKeyDeletionResponse
+ Network.AWS.KMS.ScheduleKeyDeletion: instance GHC.Generics.Constructor Network.AWS.KMS.ScheduleKeyDeletion.C1_0ScheduleKeyDeletion
+ Network.AWS.KMS.ScheduleKeyDeletion: instance GHC.Generics.Constructor Network.AWS.KMS.ScheduleKeyDeletion.C1_0ScheduleKeyDeletionResponse
+ Network.AWS.KMS.ScheduleKeyDeletion: instance GHC.Generics.Datatype Network.AWS.KMS.ScheduleKeyDeletion.D1ScheduleKeyDeletion
+ Network.AWS.KMS.ScheduleKeyDeletion: instance GHC.Generics.Datatype Network.AWS.KMS.ScheduleKeyDeletion.D1ScheduleKeyDeletionResponse
+ Network.AWS.KMS.ScheduleKeyDeletion: instance GHC.Generics.Generic Network.AWS.KMS.ScheduleKeyDeletion.ScheduleKeyDeletion
+ Network.AWS.KMS.ScheduleKeyDeletion: instance GHC.Generics.Generic Network.AWS.KMS.ScheduleKeyDeletion.ScheduleKeyDeletionResponse
+ Network.AWS.KMS.ScheduleKeyDeletion: instance GHC.Generics.Selector Network.AWS.KMS.ScheduleKeyDeletion.S1_0_0ScheduleKeyDeletion
+ Network.AWS.KMS.ScheduleKeyDeletion: instance GHC.Generics.Selector Network.AWS.KMS.ScheduleKeyDeletion.S1_0_0ScheduleKeyDeletionResponse
+ Network.AWS.KMS.ScheduleKeyDeletion: instance GHC.Generics.Selector Network.AWS.KMS.ScheduleKeyDeletion.S1_0_1ScheduleKeyDeletion
+ Network.AWS.KMS.ScheduleKeyDeletion: instance GHC.Generics.Selector Network.AWS.KMS.ScheduleKeyDeletion.S1_0_1ScheduleKeyDeletionResponse
+ Network.AWS.KMS.ScheduleKeyDeletion: instance GHC.Generics.Selector Network.AWS.KMS.ScheduleKeyDeletion.S1_0_2ScheduleKeyDeletionResponse
+ Network.AWS.KMS.ScheduleKeyDeletion: instance GHC.Read.Read Network.AWS.KMS.ScheduleKeyDeletion.ScheduleKeyDeletion
+ Network.AWS.KMS.ScheduleKeyDeletion: instance GHC.Read.Read Network.AWS.KMS.ScheduleKeyDeletion.ScheduleKeyDeletionResponse
+ Network.AWS.KMS.ScheduleKeyDeletion: instance GHC.Show.Show Network.AWS.KMS.ScheduleKeyDeletion.ScheduleKeyDeletion
+ Network.AWS.KMS.ScheduleKeyDeletion: instance GHC.Show.Show Network.AWS.KMS.ScheduleKeyDeletion.ScheduleKeyDeletionResponse
+ Network.AWS.KMS.ScheduleKeyDeletion: instance Network.AWS.Data.Headers.ToHeaders Network.AWS.KMS.ScheduleKeyDeletion.ScheduleKeyDeletion
+ Network.AWS.KMS.ScheduleKeyDeletion: instance Network.AWS.Data.Path.ToPath Network.AWS.KMS.ScheduleKeyDeletion.ScheduleKeyDeletion
+ Network.AWS.KMS.ScheduleKeyDeletion: instance Network.AWS.Data.Query.ToQuery Network.AWS.KMS.ScheduleKeyDeletion.ScheduleKeyDeletion
+ Network.AWS.KMS.ScheduleKeyDeletion: instance Network.AWS.Types.AWSRequest Network.AWS.KMS.ScheduleKeyDeletion.ScheduleKeyDeletion
+ Network.AWS.KMS.ScheduleKeyDeletion: scheduleKeyDeletion :: Text -> ScheduleKeyDeletion
+ Network.AWS.KMS.ScheduleKeyDeletion: scheduleKeyDeletionResponse :: Int -> ScheduleKeyDeletionResponse
+ Network.AWS.KMS.ScheduleKeyDeletion: skdKeyId :: Lens' ScheduleKeyDeletion Text
+ Network.AWS.KMS.ScheduleKeyDeletion: skdPendingWindowInDays :: Lens' ScheduleKeyDeletion (Maybe Natural)
+ Network.AWS.KMS.ScheduleKeyDeletion: skdrsDeletionDate :: Lens' ScheduleKeyDeletionResponse (Maybe UTCTime)
+ Network.AWS.KMS.ScheduleKeyDeletion: skdrsKeyId :: Lens' ScheduleKeyDeletionResponse (Maybe Text)
+ Network.AWS.KMS.ScheduleKeyDeletion: skdrsResponseStatus :: Lens' ScheduleKeyDeletionResponse Int
+ Network.AWS.KMS.Types: DescribeKey :: GrantOperation
+ Network.AWS.KMS.Types: Disabled :: KeyState
+ Network.AWS.KMS.Types: Enabled :: KeyState
+ Network.AWS.KMS.Types: PendingDeletion :: KeyState
+ Network.AWS.KMS.Types: _InvalidGrantIdException :: AsError a => Getting (First ServiceError) a ServiceError
+ Network.AWS.KMS.Types: _KMSInvalidStateException :: AsError a => Getting (First ServiceError) a ServiceError
+ Network.AWS.KMS.Types: data KeyState
+ Network.AWS.KMS.Types: data ListGrantsResponse
+ Network.AWS.KMS.Types: gleCreationDate :: Lens' GrantListEntry (Maybe UTCTime)
+ Network.AWS.KMS.Types: gleKeyId :: Lens' GrantListEntry (Maybe Text)
+ Network.AWS.KMS.Types: gleName :: Lens' GrantListEntry (Maybe Text)
+ Network.AWS.KMS.Types: kmDeletionDate :: Lens' KeyMetadata (Maybe UTCTime)
+ Network.AWS.KMS.Types: kmKeyState :: Lens' KeyMetadata (Maybe KeyState)
+ Network.AWS.KMS.Types: lgGrants :: Lens' ListGrantsResponse [GrantListEntry]
+ Network.AWS.KMS.Types: lgNextMarker :: Lens' ListGrantsResponse (Maybe Text)
+ Network.AWS.KMS.Types: lgTruncated :: Lens' ListGrantsResponse (Maybe Bool)
+ Network.AWS.KMS.Types: listGrantsResponse :: ListGrantsResponse
- Network.AWS.KMS.ListGrants: listGrantsResponse :: Int -> ListGrantsResponse
+ Network.AWS.KMS.ListGrants: listGrantsResponse :: ListGrantsResponse
Files
- README.md +24/−24
- amazonka-kms.cabal +31/−28
- fixture/CancelKeyDeletion.yaml +0/−0
- fixture/CancelKeyDeletionResponse.proto +0/−0
- fixture/ListRetirableGrants.yaml +0/−0
- fixture/ListRetirableGrantsResponse.proto +0/−0
- fixture/ScheduleKeyDeletion.yaml +0/−0
- fixture/ScheduleKeyDeletionResponse.proto +0/−0
- gen/Network/AWS/KMS.hs +56/−23
- gen/Network/AWS/KMS/CancelKeyDeletion.hs +142/−0
- gen/Network/AWS/KMS/CreateAlias.hs +3/−3
- gen/Network/AWS/KMS/CreateGrant.hs +86/−35
- gen/Network/AWS/KMS/CreateKey.hs +3/−2
- gen/Network/AWS/KMS/Decrypt.hs +27/−24
- gen/Network/AWS/KMS/DeleteAlias.hs +2/−2
- gen/Network/AWS/KMS/DescribeKey.hs +20/−4
- gen/Network/AWS/KMS/DisableKey.hs +5/−1
- gen/Network/AWS/KMS/EnableKey.hs +1/−2
- gen/Network/AWS/KMS/Encrypt.hs +5/−2
- gen/Network/AWS/KMS/GenerateDataKey.hs +5/−2
- gen/Network/AWS/KMS/GenerateDataKeyWithoutPlaintext.hs +5/−2
- gen/Network/AWS/KMS/ListAliases.hs +13/−14
- gen/Network/AWS/KMS/ListGrants.hs +13/−70
- gen/Network/AWS/KMS/ListKeyPolicies.hs +15/−14
- gen/Network/AWS/KMS/ListKeys.hs +13/−13
- gen/Network/AWS/KMS/ListRetirableGrants.hs +133/−0
- gen/Network/AWS/KMS/PutKeyPolicy.hs +3/−1
- gen/Network/AWS/KMS/ReEncrypt.hs +5/−2
- gen/Network/AWS/KMS/ScheduleKeyDeletion.hs +180/−0
- gen/Network/AWS/KMS/Types.hs +47/−8
- gen/Network/AWS/KMS/Types/Product.hs +146/−33
- gen/Network/AWS/KMS/Types/Sum.hs +32/−1
- gen/Network/AWS/KMS/UpdateAlias.hs +15/−12
- test/Test/AWS/Gen/KMS.hs +54/−0
README.md view
@@ -8,29 +8,29 @@ ## Version -`1.3.3.1`+`1.3.4` ## Description AWS Key Management Service -AWS Key Management Service (KMS) is an encryption and key management web-service. This guide describes the KMS actions that you can call-programmatically. For general information about KMS, see the-<http://docs.aws.amazon.com/kms/latest/developerguide/overview.html AWS Key Management Service Developer Guide>+AWS Key Management Service (AWS KMS) is an encryption and key management+web service. This guide describes the AWS KMS operations that you can+call programmatically. For general information about AWS KMS, see the+<http://docs.aws.amazon.com/kms/latest/developerguide/ AWS Key Management Service Developer Guide>. AWS provides SDKs that consist of libraries and sample code for various programming languages and platforms (Java, Ruby, .Net, iOS, Android, etc.). The SDKs provide a convenient way to create programmatic access-to KMS and AWS. For example, the SDKs take care of tasks such as signing-requests (see below), managing errors, and retrying requests-automatically. For more information about the AWS SDKs, including how to-download and install them, see+to AWS KMS and other AWS services. For example, the SDKs take care of+tasks such as signing requests (see below), managing errors, and+retrying requests automatically. For more information about the AWS+SDKs, including how to download and install them, see <http://aws.amazon.com/tools/ Tools for Amazon Web Services>. We recommend that you use the AWS SDKs to make programmatic API calls to-KMS.+AWS KMS. Clients must support TLS (Transport Layer Security) 1.0. We recommend TLS 1.2. Clients must also support cipher suites with Perfect Forward@@ -41,38 +41,38 @@ __Signing Requests__ Requests must be signed by using an access key ID and a secret access-key. We strongly recommend that you do not use your AWS account access-key ID and secret key for everyday work with KMS. Instead, use the+key. We strongly recommend that you /do not/ use your AWS account access+key ID and secret key for everyday work with AWS KMS. Instead, use the access key ID and secret access key for an IAM user, or you can use the AWS Security Token Service to generate temporary security credentials that you can use to sign requests. -All KMS operations require+All AWS KMS operations require <http://docs.aws.amazon.com/general/latest/gr/signature-version-4.html Signature Version 4>. -__Recording API Requests__+__Logging API Requests__ -KMS supports AWS CloudTrail, a service that records AWS API calls and+AWS KMS supports AWS CloudTrail, a service that logs AWS API calls and related events for your AWS account and delivers them to an Amazon S3 bucket that you specify. By using the information collected by-CloudTrail, you can determine what requests were made to KMS, who made-the request, when it was made, and so on. To learn more about+CloudTrail, you can determine what requests were made to AWS KMS, who+made the request, when it was made, and so on. To learn more about CloudTrail, including how to turn it on and find your log files, see the-<http://docs.aws.amazon.com/awscloudtrail/latest/userguide/whatiscloudtrail.html AWS CloudTrail User Guide>+<http://docs.aws.amazon.com/awscloudtrail/latest/userguide/ AWS CloudTrail User Guide>. __Additional Resources__ For more information about credentials and request signing, see the following: -- <http://docs.aws.amazon.com/general/latest/gr/aws-security-credentials.html AWS Security Credentials>.- This topic provides general information about the types of+- <http://docs.aws.amazon.com/general/latest/gr/aws-security-credentials.html AWS Security Credentials>+ - This topic provides general information about the types of credentials used for accessing AWS.-- <http://docs.aws.amazon.com/STS/latest/UsingSTS/ AWS Security Token Service>.- This guide describes how to create and use temporary security+- <http://docs.aws.amazon.com/STS/latest/UsingSTS/ AWS Security Token Service>+ - This guide describes how to create and use temporary security credentials.-- <http://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html Signing AWS API Requests>.- This set of topics walks you through the process of signing a+- <http://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html Signing AWS API Requests>+ - This set of topics walks you through the process of signing a request using an access key ID and a secret access key. __Commonly Used APIs__
amazonka-kms.cabal view
@@ -1,5 +1,5 @@ name: amazonka-kms-version: 1.3.3.1+version: 1.3.4 synopsis: Amazon Key Management Service SDK. homepage: https://github.com/brendanhay/amazonka bug-reports: https://github.com/brendanhay/amazonka/issues@@ -15,22 +15,22 @@ description: AWS Key Management Service - AWS Key Management Service (KMS) is an encryption and key management web- service. This guide describes the KMS actions that you can call- programmatically. For general information about KMS, see the- <http://docs.aws.amazon.com/kms/latest/developerguide/overview.html AWS Key Management Service Developer Guide>+ AWS Key Management Service (AWS KMS) is an encryption and key management+ web service. This guide describes the AWS KMS operations that you can+ call programmatically. For general information about AWS KMS, see the+ <http://docs.aws.amazon.com/kms/latest/developerguide/ AWS Key Management Service Developer Guide>. AWS provides SDKs that consist of libraries and sample code for various programming languages and platforms (Java, Ruby, .Net, iOS, Android, etc.). The SDKs provide a convenient way to create programmatic access- to KMS and AWS. For example, the SDKs take care of tasks such as signing- requests (see below), managing errors, and retrying requests- automatically. For more information about the AWS SDKs, including how to- download and install them, see+ to AWS KMS and other AWS services. For example, the SDKs take care of+ tasks such as signing requests (see below), managing errors, and+ retrying requests automatically. For more information about the AWS+ SDKs, including how to download and install them, see <http://aws.amazon.com/tools/ Tools for Amazon Web Services>. We recommend that you use the AWS SDKs to make programmatic API calls to- KMS.+ AWS KMS. Clients must support TLS (Transport Layer Security) 1.0. We recommend TLS 1.2. Clients must also support cipher suites with Perfect Forward@@ -41,38 +41,38 @@ __Signing Requests__ Requests must be signed by using an access key ID and a secret access- key. We strongly recommend that you do not use your AWS account access- key ID and secret key for everyday work with KMS. Instead, use the+ key. We strongly recommend that you /do not/ use your AWS account access+ key ID and secret key for everyday work with AWS KMS. Instead, use the access key ID and secret access key for an IAM user, or you can use the AWS Security Token Service to generate temporary security credentials that you can use to sign requests. - All KMS operations require+ All AWS KMS operations require <http://docs.aws.amazon.com/general/latest/gr/signature-version-4.html Signature Version 4>. - __Recording API Requests__+ __Logging API Requests__ - KMS supports AWS CloudTrail, a service that records AWS API calls and+ AWS KMS supports AWS CloudTrail, a service that logs AWS API calls and related events for your AWS account and delivers them to an Amazon S3 bucket that you specify. By using the information collected by- CloudTrail, you can determine what requests were made to KMS, who made- the request, when it was made, and so on. To learn more about+ CloudTrail, you can determine what requests were made to AWS KMS, who+ made the request, when it was made, and so on. To learn more about CloudTrail, including how to turn it on and find your log files, see the- <http://docs.aws.amazon.com/awscloudtrail/latest/userguide/whatiscloudtrail.html AWS CloudTrail User Guide>+ <http://docs.aws.amazon.com/awscloudtrail/latest/userguide/ AWS CloudTrail User Guide>. __Additional Resources__ For more information about credentials and request signing, see the following: - - <http://docs.aws.amazon.com/general/latest/gr/aws-security-credentials.html AWS Security Credentials>.- This topic provides general information about the types of+ - <http://docs.aws.amazon.com/general/latest/gr/aws-security-credentials.html AWS Security Credentials>+ - This topic provides general information about the types of credentials used for accessing AWS.- - <http://docs.aws.amazon.com/STS/latest/UsingSTS/ AWS Security Token Service>.- This guide describes how to create and use temporary security+ - <http://docs.aws.amazon.com/STS/latest/UsingSTS/ AWS Security Token Service>+ - This guide describes how to create and use temporary security credentials.- - <http://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html Signing AWS API Requests>.- This set of topics walks you through the process of signing a+ - <http://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html Signing AWS API Requests>+ - This set of topics walks you through the process of signing a request using an access key ID and a secret access key. __Commonly Used APIs__@@ -113,6 +113,7 @@ exposed-modules: Network.AWS.KMS+ , Network.AWS.KMS.CancelKeyDeletion , Network.AWS.KMS.CreateAlias , Network.AWS.KMS.CreateGrant , Network.AWS.KMS.CreateKey@@ -133,10 +134,12 @@ , Network.AWS.KMS.ListGrants , Network.AWS.KMS.ListKeyPolicies , Network.AWS.KMS.ListKeys+ , Network.AWS.KMS.ListRetirableGrants , Network.AWS.KMS.PutKeyPolicy , Network.AWS.KMS.ReEncrypt , Network.AWS.KMS.RetireGrant , Network.AWS.KMS.RevokeGrant+ , Network.AWS.KMS.ScheduleKeyDeletion , Network.AWS.KMS.Types , Network.AWS.KMS.UpdateAlias , Network.AWS.KMS.UpdateKeyDescription@@ -147,7 +150,7 @@ , Network.AWS.KMS.Types.Sum build-depends:- amazonka-core == 1.3.3.*+ amazonka-core == 1.3.4.* , base >= 4.7 && < 5 test-suite amazonka-kms-test@@ -167,9 +170,9 @@ , Test.AWS.KMS.Internal build-depends:- amazonka-core == 1.3.3.*- , amazonka-test == 1.3.3.*- , amazonka-kms == 1.3.3.*+ amazonka-core == 1.3.4.*+ , amazonka-test == 1.3.4.*+ , amazonka-kms == 1.3.4.* , base , bytestring , lens
+ fixture/CancelKeyDeletion.yaml view
+ fixture/CancelKeyDeletionResponse.proto view
+ fixture/ListRetirableGrants.yaml view
+ fixture/ListRetirableGrantsResponse.proto view
+ fixture/ScheduleKeyDeletion.yaml view
+ fixture/ScheduleKeyDeletionResponse.proto view
gen/Network/AWS/KMS.hs view
@@ -13,22 +13,22 @@ -- -- AWS Key Management Service ----- AWS Key Management Service (KMS) is an encryption and key management web--- service. This guide describes the KMS actions that you can call--- programmatically. For general information about KMS, see the--- <http://docs.aws.amazon.com/kms/latest/developerguide/overview.html AWS Key Management Service Developer Guide>+-- AWS Key Management Service (AWS KMS) is an encryption and key management+-- web service. This guide describes the AWS KMS operations that you can+-- call programmatically. For general information about AWS KMS, see the+-- <http://docs.aws.amazon.com/kms/latest/developerguide/ AWS Key Management Service Developer Guide>. -- -- AWS provides SDKs that consist of libraries and sample code for various -- programming languages and platforms (Java, Ruby, .Net, iOS, Android, -- etc.). The SDKs provide a convenient way to create programmatic access--- to KMS and AWS. For example, the SDKs take care of tasks such as signing--- requests (see below), managing errors, and retrying requests--- automatically. For more information about the AWS SDKs, including how to--- download and install them, see+-- to AWS KMS and other AWS services. For example, the SDKs take care of+-- tasks such as signing requests (see below), managing errors, and+-- retrying requests automatically. For more information about the AWS+-- SDKs, including how to download and install them, see -- <http://aws.amazon.com/tools/ Tools for Amazon Web Services>. -- -- We recommend that you use the AWS SDKs to make programmatic API calls to--- KMS.+-- AWS KMS. -- -- Clients must support TLS (Transport Layer Security) 1.0. We recommend -- TLS 1.2. Clients must also support cipher suites with Perfect Forward@@ -39,38 +39,38 @@ -- __Signing Requests__ -- -- Requests must be signed by using an access key ID and a secret access--- key. We strongly recommend that you do not use your AWS account access--- key ID and secret key for everyday work with KMS. Instead, use the+-- key. We strongly recommend that you /do not/ use your AWS account access+-- key ID and secret key for everyday work with AWS KMS. Instead, use the -- access key ID and secret access key for an IAM user, or you can use the -- AWS Security Token Service to generate temporary security credentials -- that you can use to sign requests. ----- All KMS operations require+-- All AWS KMS operations require -- <http://docs.aws.amazon.com/general/latest/gr/signature-version-4.html Signature Version 4>. ----- __Recording API Requests__+-- __Logging API Requests__ ----- KMS supports AWS CloudTrail, a service that records AWS API calls and+-- AWS KMS supports AWS CloudTrail, a service that logs AWS API calls and -- related events for your AWS account and delivers them to an Amazon S3 -- bucket that you specify. By using the information collected by--- CloudTrail, you can determine what requests were made to KMS, who made--- the request, when it was made, and so on. To learn more about+-- CloudTrail, you can determine what requests were made to AWS KMS, who+-- made the request, when it was made, and so on. To learn more about -- CloudTrail, including how to turn it on and find your log files, see the--- <http://docs.aws.amazon.com/awscloudtrail/latest/userguide/whatiscloudtrail.html AWS CloudTrail User Guide>+-- <http://docs.aws.amazon.com/awscloudtrail/latest/userguide/ AWS CloudTrail User Guide>. -- -- __Additional Resources__ -- -- For more information about credentials and request signing, see the -- following: ----- - <http://docs.aws.amazon.com/general/latest/gr/aws-security-credentials.html AWS Security Credentials>.--- This topic provides general information about the types of+-- - <http://docs.aws.amazon.com/general/latest/gr/aws-security-credentials.html AWS Security Credentials>+-- - This topic provides general information about the types of -- credentials used for accessing AWS.--- - <http://docs.aws.amazon.com/STS/latest/UsingSTS/ AWS Security Token Service>.--- This guide describes how to create and use temporary security+-- - <http://docs.aws.amazon.com/STS/latest/UsingSTS/ AWS Security Token Service>+-- - This guide describes how to create and use temporary security -- credentials.--- - <http://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html Signing AWS API Requests>.--- This set of topics walks you through the process of signing a+-- - <http://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html Signing AWS API Requests>+-- - This set of topics walks you through the process of signing a -- request using an access key ID and a secret access key. -- -- __Commonly Used APIs__@@ -97,6 +97,9 @@ -- ** InvalidMarkerException , _InvalidMarkerException + -- ** KMSInvalidStateException+ , _KMSInvalidStateException+ -- ** InvalidKeyUsageException , _InvalidKeyUsageException @@ -121,6 +124,9 @@ -- ** InvalidAliasNameException , _InvalidAliasNameException + -- ** InvalidGrantIdException+ , _InvalidGrantIdException+ -- ** InvalidGrantTokenException , _InvalidGrantTokenException @@ -169,6 +175,9 @@ -- ** ListAliases , module Network.AWS.KMS.ListAliases + -- ** ListRetirableGrants+ , module Network.AWS.KMS.ListRetirableGrants+ -- ** GenerateRandom , module Network.AWS.KMS.GenerateRandom @@ -199,6 +208,9 @@ -- ** DescribeKey , module Network.AWS.KMS.DescribeKey + -- ** CancelKeyDeletion+ , module Network.AWS.KMS.CancelKeyDeletion+ -- ** Decrypt , module Network.AWS.KMS.Decrypt @@ -211,6 +223,9 @@ -- ** ListKeyPolicies , module Network.AWS.KMS.ListKeyPolicies + -- ** ScheduleKeyDeletion+ , module Network.AWS.KMS.ScheduleKeyDeletion+ -- ** PutKeyPolicy , module Network.AWS.KMS.PutKeyPolicy @@ -231,6 +246,9 @@ -- ** GrantOperation , GrantOperation (..) + -- ** KeyState+ , KeyState (..)+ -- ** KeyUsageType , KeyUsageType (..) @@ -250,11 +268,14 @@ -- ** GrantListEntry , GrantListEntry , grantListEntry+ , gleKeyId , gleRetiringPrincipal , gleIssuingAccount , gleGrantId , gleConstraints , gleGranteePrincipal+ , gleName+ , gleCreationDate , gleOperations -- ** KeyListEntry@@ -268,13 +289,23 @@ , keyMetadata , kmEnabled , kmARN+ , kmKeyState , kmAWSAccountId , kmKeyUsage , kmCreationDate+ , kmDeletionDate , kmDescription , kmKeyId++ -- ** ListGrantsResponse+ , ListGrantsResponse+ , listGrantsResponse+ , lgTruncated+ , lgGrants+ , lgNextMarker ) where +import Network.AWS.KMS.CancelKeyDeletion import Network.AWS.KMS.CreateAlias import Network.AWS.KMS.CreateGrant import Network.AWS.KMS.CreateKey@@ -295,10 +326,12 @@ import Network.AWS.KMS.ListGrants import Network.AWS.KMS.ListKeyPolicies import Network.AWS.KMS.ListKeys+import Network.AWS.KMS.ListRetirableGrants import Network.AWS.KMS.PutKeyPolicy import Network.AWS.KMS.ReEncrypt import Network.AWS.KMS.RetireGrant import Network.AWS.KMS.RevokeGrant+import Network.AWS.KMS.ScheduleKeyDeletion import Network.AWS.KMS.Types import Network.AWS.KMS.UpdateAlias import Network.AWS.KMS.UpdateKeyDescription
+ gen/Network/AWS/KMS/CancelKeyDeletion.hs view
@@ -0,0 +1,142 @@+{-# LANGUAGE DeriveDataTypeable #-}+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE TypeFamilies #-}++{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-binds #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Network.AWS.KMS.CancelKeyDeletion+-- Copyright : (c) 2013-2015 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay <brendan.g.hay@gmail.com>+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Cancels the deletion of a customer master key (CMK). When this operation+-- is successful, the CMK is set to the 'Disabled' state. To enable a CMK,+-- use EnableKey.+--+-- For more information about scheduling and canceling deletion of a CMK,+-- go to+-- <http://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys.html Deleting Customer Master Keys>+-- in the /AWS Key Management Service Developer Guide/.+--+-- /See:/ <http://docs.aws.amazon.com/kms/latest/APIReference/API_CancelKeyDeletion.html AWS API Reference> for CancelKeyDeletion.+module Network.AWS.KMS.CancelKeyDeletion+ (+ -- * Creating a Request+ cancelKeyDeletion+ , CancelKeyDeletion+ -- * Request Lenses+ , ckdKeyId++ -- * Destructuring the Response+ , cancelKeyDeletionResponse+ , CancelKeyDeletionResponse+ -- * Response Lenses+ , ckdrsKeyId+ , ckdrsResponseStatus+ ) where++import Network.AWS.KMS.Types+import Network.AWS.KMS.Types.Product+import Network.AWS.Prelude+import Network.AWS.Request+import Network.AWS.Response++-- | /See:/ 'cancelKeyDeletion' smart constructor.+newtype CancelKeyDeletion = CancelKeyDeletion'+ { _ckdKeyId :: Text+ } deriving (Eq,Read,Show,Data,Typeable,Generic)++-- | Creates a value of 'CancelKeyDeletion' with the minimum fields required to make a request.+--+-- Use one of the following lenses to modify other fields as desired:+--+-- * 'ckdKeyId'+cancelKeyDeletion+ :: Text -- ^ 'ckdKeyId'+ -> CancelKeyDeletion+cancelKeyDeletion pKeyId_ =+ CancelKeyDeletion'+ { _ckdKeyId = pKeyId_+ }++-- | The unique identifier for the customer master key (CMK) for which to+-- cancel deletion.+--+-- To specify this value, use the unique key ID or the Amazon Resource Name+-- (ARN) of the CMK. Examples:+--+-- - Unique key ID: 1234abcd-12ab-34cd-56ef-1234567890ab+-- - Key ARN:+-- arn:aws:kms:us-west-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab+--+-- To obtain the unique key ID and key ARN for a given CMK, use ListKeys or+-- DescribeKey.+ckdKeyId :: Lens' CancelKeyDeletion Text+ckdKeyId = lens _ckdKeyId (\ s a -> s{_ckdKeyId = a});++instance AWSRequest CancelKeyDeletion where+ type Rs CancelKeyDeletion = CancelKeyDeletionResponse+ request = postJSON kMS+ response+ = receiveJSON+ (\ s h x ->+ CancelKeyDeletionResponse' <$>+ (x .?> "KeyId") <*> (pure (fromEnum s)))++instance ToHeaders CancelKeyDeletion where+ toHeaders+ = const+ (mconcat+ ["X-Amz-Target" =#+ ("TrentService.CancelKeyDeletion" :: ByteString),+ "Content-Type" =#+ ("application/x-amz-json-1.1" :: ByteString)])++instance ToJSON CancelKeyDeletion where+ toJSON CancelKeyDeletion'{..}+ = object (catMaybes [Just ("KeyId" .= _ckdKeyId)])++instance ToPath CancelKeyDeletion where+ toPath = const "/"++instance ToQuery CancelKeyDeletion where+ toQuery = const mempty++-- | /See:/ 'cancelKeyDeletionResponse' smart constructor.+data CancelKeyDeletionResponse = CancelKeyDeletionResponse'+ { _ckdrsKeyId :: !(Maybe Text)+ , _ckdrsResponseStatus :: !Int+ } deriving (Eq,Read,Show,Data,Typeable,Generic)++-- | Creates a value of 'CancelKeyDeletionResponse' with the minimum fields required to make a request.+--+-- Use one of the following lenses to modify other fields as desired:+--+-- * 'ckdrsKeyId'+--+-- * 'ckdrsResponseStatus'+cancelKeyDeletionResponse+ :: Int -- ^ 'ckdrsResponseStatus'+ -> CancelKeyDeletionResponse+cancelKeyDeletionResponse pResponseStatus_ =+ CancelKeyDeletionResponse'+ { _ckdrsKeyId = Nothing+ , _ckdrsResponseStatus = pResponseStatus_+ }++-- | The unique identifier of the master key for which deletion is canceled.+ckdrsKeyId :: Lens' CancelKeyDeletionResponse (Maybe Text)+ckdrsKeyId = lens _ckdrsKeyId (\ s a -> s{_ckdrsKeyId = a});++-- | The response status code.+ckdrsResponseStatus :: Lens' CancelKeyDeletionResponse Int+ckdrsResponseStatus = lens _ckdrsResponseStatus (\ s a -> s{_ckdrsResponseStatus = a});
gen/Network/AWS/KMS/CreateAlias.hs view
@@ -27,10 +27,10 @@ -- after the forward slash (alias\/aws...) is reserved by Amazon Web -- Services (AWS). ----- To associate an alias with a different key, call UpdateAlias.+-- The alias and the key it is mapped to must be in the same AWS account+-- and the same region. ----- Note that you cannot create or update an alias that represents a key in--- another account.+-- To map an alias to a different key, call UpdateAlias. -- -- /See:/ <http://docs.aws.amazon.com/kms/latest/APIReference/API_CreateAlias.html AWS API Reference> for CreateAlias. module Network.AWS.KMS.CreateAlias
gen/Network/AWS/KMS/CreateGrant.hs view
@@ -18,16 +18,12 @@ -- Stability : auto-generated -- Portability : non-portable (GHC extensions) ----- Adds a grant to a key to specify who can access the key and under what+-- Adds a grant to a key to specify who can use the key and under what -- conditions. Grants are alternate permission mechanisms to key policies.+-- -- For more information about grants, see -- <http://docs.aws.amazon.com/kms/latest/developerguide/grants.html Grants>--- in the developer guide. If a grant is absent, access to the key is--- evaluated based on IAM policies attached to the user.------ 1. ListGrants--- 2. RetireGrant--- 3. RevokeGrant+-- in the /AWS Key Management Service Developer Guide/. -- -- /See:/ <http://docs.aws.amazon.com/kms/latest/APIReference/API_CreateGrant.html AWS API Reference> for CreateGrant. module Network.AWS.KMS.CreateGrant@@ -39,6 +35,7 @@ , cgRetiringPrincipal , cgGrantTokens , cgConstraints+ , cgName , cgOperations , cgKeyId , cgGranteePrincipal@@ -63,6 +60,7 @@ { _cgRetiringPrincipal :: !(Maybe Text) , _cgGrantTokens :: !(Maybe [Text]) , _cgConstraints :: !(Maybe GrantConstraints)+ , _cgName :: !(Maybe Text) , _cgOperations :: !(Maybe [GrantOperation]) , _cgKeyId :: !Text , _cgGranteePrincipal :: !Text@@ -78,6 +76,8 @@ -- -- * 'cgConstraints' --+-- * 'cgName'+-- -- * 'cgOperations' -- -- * 'cgKeyId'@@ -92,52 +92,97 @@ { _cgRetiringPrincipal = Nothing , _cgGrantTokens = Nothing , _cgConstraints = Nothing+ , _cgName = Nothing , _cgOperations = Nothing , _cgKeyId = pKeyId_ , _cgGranteePrincipal = pGranteePrincipal_ } --- | Principal given permission to retire the grant. For more information,--- see RetireGrant.+-- | The principal that is given permission to retire the grant by using+-- RetireGrant operation.+--+-- To specify the principal, use the+-- <http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Name (ARN)>+-- of an AWS principal. Valid AWS principals include AWS accounts (root),+-- IAM users, federated users, and assumed role users. For examples of the+-- ARN syntax to use for specifying a principal, see+-- <http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-iam AWS Identity and Access Management (IAM)>+-- in the Example ARNs section of the /AWS General Reference/. cgRetiringPrincipal :: Lens' CreateGrant (Maybe Text) cgRetiringPrincipal = lens _cgRetiringPrincipal (\ s a -> s{_cgRetiringPrincipal = a}); --- | For more information, see--- <http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token Grant Tokens>.+-- | A list of grant tokens.+--+-- For more information, go to+-- <http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token Grant Tokens>+-- in the /AWS Key Management Service Developer Guide/. cgGrantTokens :: Lens' CreateGrant [Text] cgGrantTokens = lens _cgGrantTokens (\ s a -> s{_cgGrantTokens = a}) . _Default . _Coerce; --- | Specifies the conditions under which the actions specified by the--- 'Operations' parameter are allowed.+-- | The conditions under which the operations permitted by the grant are+-- allowed.+--+-- You can use this value to allow the operations permitted by the grant+-- only when a specified encryption context is present. For more+-- information, see+-- <http://docs.aws.amazon.com/kms/latest/developerguide/encrypt-context.html Encryption Context>+-- in the /AWS Key Management Service Developer Guide/. cgConstraints :: Lens' CreateGrant (Maybe GrantConstraints) cgConstraints = lens _cgConstraints (\ s a -> s{_cgConstraints = a}); --- | List of operations permitted by the grant. This can be any combination--- of one or more of the following values:+-- | A friendly name for identifying the grant. Use this value to prevent+-- unintended creation of duplicate grants when retrying this request. ----- 1. Decrypt--- 2. Encrypt--- 3. GenerateDataKey--- 4. GenerateDataKeyWithoutPlaintext--- 5. ReEncryptFrom--- 6. ReEncryptTo--- 7. CreateGrant--- 8. RetireGrant+-- When this value is absent, all 'CreateGrant' requests result in a new+-- grant with a unique 'GrantId' even if all the supplied parameters are+-- identical. This can result in unintended duplicates when you retry the+-- 'CreateGrant' request.+--+-- When this value is present, you can retry a 'CreateGrant' request with+-- identical parameters; if the grant already exists, the original+-- 'GrantId' is returned without creating a new grant. Note that the+-- returned grant token is unique with every 'CreateGrant' request, even+-- when a duplicate 'GrantId' is returned. All grant tokens obtained in+-- this way can be used interchangeably.+cgName :: Lens' CreateGrant (Maybe Text)+cgName = lens _cgName (\ s a -> s{_cgName = a});++-- | A list of operations that the grant permits. The list can contain any+-- combination of one or more of the following values:+--+-- - Decrypt+-- - Encrypt+-- - GenerateDataKey+-- - GenerateDataKeyWithoutPlaintext+-- - ReEncryptFrom+-- - ReEncryptTo+-- - CreateGrant+-- - RetireGrant cgOperations :: Lens' CreateGrant [GrantOperation] cgOperations = lens _cgOperations (\ s a -> s{_cgOperations = a}) . _Default . _Coerce; --- | A unique identifier for the customer master key. This value can be a--- globally unique identifier or the fully specified ARN to a key.+-- | The unique identifier for the customer master key (CMK) that the grant+-- applies to. ----- - Key ARN Example ---- arn:aws:kms:us-east-1:123456789012:key\/12345678-1234-1234-1234-123456789012--- - Globally Unique Key ID Example ---- 12345678-1234-1234-1234-123456789012+-- To specify this value, use the globally unique key ID or the Amazon+-- Resource Name (ARN) of the key. Examples:+--+-- - Globally unique key ID: 12345678-1234-1234-1234-123456789012+-- - Key ARN:+-- arn:aws:kms:us-west-2:123456789012:key\/12345678-1234-1234-1234-123456789012 cgKeyId :: Lens' CreateGrant Text cgKeyId = lens _cgKeyId (\ s a -> s{_cgKeyId = a}); --- | Principal given permission by the grant to use the key identified by the--- 'keyId' parameter.+-- | The principal that is given permission to perform the operations that+-- the grant permits.+--+-- To specify the principal, use the+-- <http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Name (ARN)>+-- of an AWS principal. Valid AWS principals include AWS accounts (root),+-- IAM users, federated users, and assumed role users. For examples of the+-- ARN syntax to use for specifying a principal, see+-- <http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-iam AWS Identity and Access Management (IAM)>+-- in the Example ARNs section of the /AWS General Reference/. cgGranteePrincipal :: Lens' CreateGrant Text cgGranteePrincipal = lens _cgGranteePrincipal (\ s a -> s{_cgGranteePrincipal = a}); @@ -167,6 +212,7 @@ [("RetiringPrincipal" .=) <$> _cgRetiringPrincipal, ("GrantTokens" .=) <$> _cgGrantTokens, ("Constraints" .=) <$> _cgConstraints,+ ("Name" .=) <$> _cgName, ("Operations" .=) <$> _cgOperations, Just ("KeyId" .= _cgKeyId), Just ("GranteePrincipal" .= _cgGranteePrincipal)])@@ -203,13 +249,18 @@ , _cgrsResponseStatus = pResponseStatus_ } --- | Unique grant identifier. You can use the /GrantId/ value to revoke a--- grant.+-- | The unique identifier for the grant.+--+-- You can use the 'GrantId' in a subsequent RetireGrant or RevokeGrant+-- operation. cgrsGrantId :: Lens' CreateGrantResponse (Maybe Text) cgrsGrantId = lens _cgrsGrantId (\ s a -> s{_cgrsGrantId = a}); --- | For more information, see--- <http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token Grant Tokens>.+-- | The grant token.+--+-- For more information about using grant tokens, see+-- <http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token Grant Tokens>+-- in the /AWS Key Management Service Developer Guide/. cgrsGrantToken :: Lens' CreateGrantResponse (Maybe Text) cgrsGrantToken = lens _cgrsGrantToken (\ s a -> s{_cgrsGrantToken = a});
gen/Network/AWS/KMS/CreateKey.hs view
@@ -80,8 +80,9 @@ ckKeyUsage :: Lens' CreateKey (Maybe KeyUsageType) ckKeyUsage = lens _ckKeyUsage (\ s a -> s{_ckKeyUsage = a}); --- | Policy to be attached to the key. This is required and delegates back to--- the account. The key is the root of trust.+-- | Policy to attach to the key. This is required and delegates back to the+-- account. The key is the root of trust. The policy size limit is 32 KiB+-- (32768 bytes). ckPolicy :: Lens' CreateKey (Maybe Text) ckPolicy = lens _ckPolicy (\ s a -> s{_ckPolicy = a});
gen/Network/AWS/KMS/Decrypt.hs view
@@ -41,9 +41,9 @@ decrypt , Decrypt -- * Request Lenses- , dEncryptionContext- , dGrantTokens- , dCiphertextBlob+ , decEncryptionContext+ , decGrantTokens+ , decCiphertextBlob -- * Destructuring the Response , decryptResponse@@ -62,41 +62,44 @@ -- | /See:/ 'decrypt' smart constructor. data Decrypt = Decrypt'- { _dEncryptionContext :: !(Maybe (Map Text Text))- , _dGrantTokens :: !(Maybe [Text])- , _dCiphertextBlob :: !Base64+ { _decEncryptionContext :: !(Maybe (Map Text Text))+ , _decGrantTokens :: !(Maybe [Text])+ , _decCiphertextBlob :: !Base64 } deriving (Eq,Read,Show,Data,Typeable,Generic) -- | Creates a value of 'Decrypt' with the minimum fields required to make a request. -- -- Use one of the following lenses to modify other fields as desired: ----- * 'dEncryptionContext'+-- * 'decEncryptionContext' ----- * 'dGrantTokens'+-- * 'decGrantTokens' ----- * 'dCiphertextBlob'+-- * 'decCiphertextBlob' decrypt- :: ByteString -- ^ 'dCiphertextBlob'+ :: ByteString -- ^ 'decCiphertextBlob' -> Decrypt decrypt pCiphertextBlob_ = Decrypt'- { _dEncryptionContext = Nothing- , _dGrantTokens = Nothing- , _dCiphertextBlob = _Base64 # pCiphertextBlob_+ { _decEncryptionContext = Nothing+ , _decGrantTokens = Nothing+ , _decCiphertextBlob = _Base64 # pCiphertextBlob_ } -- | The encryption context. If this was specified in the Encrypt function, -- it must be specified here or the decryption operation will fail. For -- more information, see -- <http://docs.aws.amazon.com/kms/latest/developerguide/encrypt-context.html Encryption Context>.-dEncryptionContext :: Lens' Decrypt (HashMap Text Text)-dEncryptionContext = lens _dEncryptionContext (\ s a -> s{_dEncryptionContext = a}) . _Default . _Map;+decEncryptionContext :: Lens' Decrypt (HashMap Text Text)+decEncryptionContext = lens _decEncryptionContext (\ s a -> s{_decEncryptionContext = a}) . _Default . _Map; --- | For more information, see--- <http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token Grant Tokens>.-dGrantTokens :: Lens' Decrypt [Text]-dGrantTokens = lens _dGrantTokens (\ s a -> s{_dGrantTokens = a}) . _Default . _Coerce;+-- | A list of grant tokens.+--+-- For more information, go to+-- <http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token Grant Tokens>+-- in the /AWS Key Management Service Developer Guide/.+decGrantTokens :: Lens' Decrypt [Text]+decGrantTokens = lens _decGrantTokens (\ s a -> s{_decGrantTokens = a}) . _Default . _Coerce; -- | Ciphertext to be decrypted. The blob includes metadata. --@@ -105,8 +108,8 @@ -- The underlying isomorphism will encode to Base64 representation during -- serialisation, and decode from Base64 representation during deserialisation. -- This 'Lens' accepts and returns only raw unencoded data.-dCiphertextBlob :: Lens' Decrypt ByteString-dCiphertextBlob = lens _dCiphertextBlob (\ s a -> s{_dCiphertextBlob = a}) . _Base64;+decCiphertextBlob :: Lens' Decrypt ByteString+decCiphertextBlob = lens _decCiphertextBlob (\ s a -> s{_decCiphertextBlob = a}) . _Base64; instance AWSRequest Decrypt where type Rs Decrypt = DecryptResponse@@ -131,9 +134,9 @@ toJSON Decrypt'{..} = object (catMaybes- [("EncryptionContext" .=) <$> _dEncryptionContext,- ("GrantTokens" .=) <$> _dGrantTokens,- Just ("CiphertextBlob" .= _dCiphertextBlob)])+ [("EncryptionContext" .=) <$> _decEncryptionContext,+ ("GrantTokens" .=) <$> _decGrantTokens,+ Just ("CiphertextBlob" .= _decCiphertextBlob)]) instance ToPath Decrypt where toPath = const "/"
gen/Network/AWS/KMS/DeleteAlias.hs view
@@ -18,8 +18,8 @@ -- Stability : auto-generated -- Portability : non-portable (GHC extensions) ----- Deletes the specified alias. To associate an alias with a different key,--- call UpdateAlias.+-- Deletes the specified alias. To map an alias to a different key, call+-- UpdateAlias. -- -- /See:/ <http://docs.aws.amazon.com/kms/latest/APIReference/API_DeleteAlias.html AWS API Reference> for DeleteAlias. module Network.AWS.KMS.DeleteAlias
gen/Network/AWS/KMS/DescribeKey.hs view
@@ -27,6 +27,7 @@ describeKey , DescribeKey -- * Request Lenses+ , dGrantTokens , dKeyId -- * Destructuring the Response@@ -44,23 +45,35 @@ import Network.AWS.Response -- | /See:/ 'describeKey' smart constructor.-newtype DescribeKey = DescribeKey'- { _dKeyId :: Text+data DescribeKey = DescribeKey'+ { _dGrantTokens :: !(Maybe [Text])+ , _dKeyId :: !Text } deriving (Eq,Read,Show,Data,Typeable,Generic) -- | Creates a value of 'DescribeKey' with the minimum fields required to make a request. -- -- Use one of the following lenses to modify other fields as desired: --+-- * 'dGrantTokens'+-- -- * 'dKeyId' describeKey :: Text -- ^ 'dKeyId' -> DescribeKey describeKey pKeyId_ = DescribeKey'- { _dKeyId = pKeyId_+ { _dGrantTokens = Nothing+ , _dKeyId = pKeyId_ } +-- | A list of grant tokens.+--+-- For more information, go to+-- <http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token Grant Tokens>+-- in the /AWS Key Management Service Developer Guide/.+dGrantTokens :: Lens' DescribeKey [Text]+dGrantTokens = lens _dGrantTokens (\ s a -> s{_dGrantTokens = a}) . _Default . _Coerce;+ -- | A unique identifier for the customer master key. This value can be a -- globally unique identifier, a fully specified ARN to either an alias or -- a key, or an alias name prefixed by \"alias\/\".@@ -95,7 +108,10 @@ instance ToJSON DescribeKey where toJSON DescribeKey'{..}- = object (catMaybes [Just ("KeyId" .= _dKeyId)])+ = object+ (catMaybes+ [("GrantTokens" .=) <$> _dGrantTokens,+ Just ("KeyId" .= _dKeyId)]) instance ToPath DescribeKey where toPath = const "/"
gen/Network/AWS/KMS/DisableKey.hs view
@@ -18,7 +18,11 @@ -- Stability : auto-generated -- Portability : non-portable (GHC extensions) ----- Marks a key as disabled, thereby preventing its use.+-- Sets the state of a master key to disabled, thereby preventing its use+-- for cryptographic operations. For more information about how key state+-- affects the use of a master key, go to+-- <http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html How Key State Affects the Use of a Customer Master Key>+-- in the /AWS Key Management Service Developer Guide/. -- -- /See:/ <http://docs.aws.amazon.com/kms/latest/APIReference/API_DisableKey.html AWS API Reference> for DisableKey. module Network.AWS.KMS.DisableKey
gen/Network/AWS/KMS/EnableKey.hs view
@@ -18,8 +18,7 @@ -- Stability : auto-generated -- Portability : non-portable (GHC extensions) ----- Marks a key as enabled, thereby permitting its use. You can have up to--- 25 enabled keys at one time.+-- Marks a key as enabled, thereby permitting its use. -- -- /See:/ <http://docs.aws.amazon.com/kms/latest/APIReference/API_EnableKey.html AWS API Reference> for EnableKey. module Network.AWS.KMS.EnableKey
gen/Network/AWS/KMS/Encrypt.hs view
@@ -106,8 +106,11 @@ eEncryptionContext :: Lens' Encrypt (HashMap Text Text) eEncryptionContext = lens _eEncryptionContext (\ s a -> s{_eEncryptionContext = a}) . _Default . _Map; --- | For more information, see--- <http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token Grant Tokens>.+-- | A list of grant tokens.+--+-- For more information, go to+-- <http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token Grant Tokens>+-- in the /AWS Key Management Service Developer Guide/. eGrantTokens :: Lens' Encrypt [Text] eGrantTokens = lens _eGrantTokens (\ s a -> s{_eGrantTokens = a}) . _Default . _Coerce;
gen/Network/AWS/KMS/GenerateDataKey.hs view
@@ -134,8 +134,11 @@ gdkNumberOfBytes :: Lens' GenerateDataKey (Maybe Natural) gdkNumberOfBytes = lens _gdkNumberOfBytes (\ s a -> s{_gdkNumberOfBytes = a}) . mapping _Nat; --- | For more information, see--- <http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token Grant Tokens>.+-- | A list of grant tokens.+--+-- For more information, go to+-- <http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token Grant Tokens>+-- in the /AWS Key Management Service Developer Guide/. gdkGrantTokens :: Lens' GenerateDataKey [Text] gdkGrantTokens = lens _gdkGrantTokens (\ s a -> s{_gdkGrantTokens = a}) . _Default . _Coerce;
gen/Network/AWS/KMS/GenerateDataKeyWithoutPlaintext.hs view
@@ -102,8 +102,11 @@ gdkwpNumberOfBytes :: Lens' GenerateDataKeyWithoutPlaintext (Maybe Natural) gdkwpNumberOfBytes = lens _gdkwpNumberOfBytes (\ s a -> s{_gdkwpNumberOfBytes = a}) . mapping _Nat; --- | For more information, see--- <http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token Grant Tokens>.+-- | A list of grant tokens.+--+-- For more information, go to+-- <http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token Grant Tokens>+-- in the /AWS Key Management Service Developer Guide/. gdkwpGrantTokens :: Lens' GenerateDataKeyWithoutPlaintext [Text] gdkwpGrantTokens = lens _gdkwpGrantTokens (\ s a -> s{_gdkwpGrantTokens = a}) . _Default . _Coerce;
gen/Network/AWS/KMS/ListAliases.hs view
@@ -67,17 +67,18 @@ , _laLimit = Nothing } --- | Use this parameter when paginating results, and only in a subsequent--- request after you\'ve received a response where the results are--- truncated. Set it to the value of the 'NextMarker' element in the--- response you just received.+-- | Use this parameter only when paginating results and only in a subsequent+-- request after you\'ve received a response with truncated results. Set it+-- to the value of 'NextMarker' from the response you just received. laMarker :: Lens' ListAliases (Maybe Text) laMarker = lens _laMarker (\ s a -> s{_laMarker = a}); --- | Specify this parameter when paginating results to indicate the maximum--- number of aliases you want in each response. If there are additional--- aliases beyond the maximum you specify, the 'Truncated' response element--- will be set to 'true.'+-- | When paginating results, specify the maximum number of items to return+-- in the response. If additional items exist beyond the number you+-- specify, the 'Truncated' element in the response is set to true.+--+-- This value is optional. If you include a value, it must be between 1 and+-- 100, inclusive. If you do not include a value, it defaults to 50. laLimit :: Lens' ListAliases (Maybe Natural) laLimit = lens _laLimit (\ s a -> s{_laLimit = a}) . mapping _Nat; @@ -145,9 +146,8 @@ } -- | A flag that indicates whether there are more items in the list. If your--- results were truncated, you can make a subsequent pagination request--- using the 'Marker' request parameter to retrieve more aliases in the--- list.+-- results were truncated, you can use the 'Marker' parameter to make a+-- subsequent pagination request to retrieve more items in the list. larsTruncated :: Lens' ListAliasesResponse (Maybe Bool) larsTruncated = lens _larsTruncated (\ s a -> s{_larsTruncated = a}); @@ -155,9 +155,8 @@ larsAliases :: Lens' ListAliasesResponse [AliasListEntry] larsAliases = lens _larsAliases (\ s a -> s{_larsAliases = a}) . _Default . _Coerce; --- | If 'Truncated' is true, this value is present and contains the value to--- use for the 'Marker' request parameter in a subsequent pagination--- request.+-- | When 'Truncated' is true, this value is present and contains the value+-- to use for the 'Marker' parameter in a subsequent pagination request. larsNextMarker :: Lens' ListAliasesResponse (Maybe Text) larsNextMarker = lens _larsNextMarker (\ s a -> s{_larsNextMarker = a});
gen/Network/AWS/KMS/ListGrants.hs view
@@ -35,10 +35,9 @@ , listGrantsResponse , ListGrantsResponse -- * Response Lenses- , lgrsTruncated- , lgrsGrants- , lgrsNextMarker- , lgrsResponseStatus+ , lgTruncated+ , lgGrants+ , lgNextMarker ) where import Network.AWS.KMS.Types@@ -73,17 +72,18 @@ , _lgKeyId = pKeyId_ } --- | Use this parameter only when paginating results, and only in a--- subsequent request after you\'ve received a response where the results--- are truncated. Set it to the value of the 'NextMarker' in the response--- you just received.+-- | Use this parameter only when paginating results and only in a subsequent+-- request after you\'ve received a response with truncated results. Set it+-- to the value of 'NextMarker' from the response you just received. lgMarker :: Lens' ListGrants (Maybe Text) lgMarker = lens _lgMarker (\ s a -> s{_lgMarker = a}); --- | Specify this parameter only when paginating results to indicate the--- maximum number of grants you want listed in the response. If there are--- additional grants beyond the maximum you specify, the 'Truncated'--- response element will be set to 'true.'+-- | When paginating results, specify the maximum number of items to return+-- in the response. If additional items exist beyond the number you+-- specify, the 'Truncated' element in the response is set to true.+--+-- This value is optional. If you include a value, it must be between 1 and+-- 100, inclusive. If you do not include a value, it defaults to 50. lgLimit :: Lens' ListGrants (Maybe Natural) lgLimit = lens _lgLimit (\ s a -> s{_lgLimit = a}) . mapping _Nat; @@ -100,13 +100,7 @@ instance AWSRequest ListGrants where type Rs ListGrants = ListGrantsResponse request = postJSON kMS- response- = receiveJSON- (\ s h x ->- ListGrantsResponse' <$>- (x .?> "Truncated") <*> (x .?> "Grants" .!@ mempty)- <*> (x .?> "NextMarker")- <*> (pure (fromEnum s)))+ response = receiveJSON (\ s h x -> eitherParseJSON x) instance ToHeaders ListGrants where toHeaders@@ -130,54 +124,3 @@ instance ToQuery ListGrants where toQuery = const mempty---- | /See:/ 'listGrantsResponse' smart constructor.-data ListGrantsResponse = ListGrantsResponse'- { _lgrsTruncated :: !(Maybe Bool)- , _lgrsGrants :: !(Maybe [GrantListEntry])- , _lgrsNextMarker :: !(Maybe Text)- , _lgrsResponseStatus :: !Int- } deriving (Eq,Read,Show,Data,Typeable,Generic)---- | Creates a value of 'ListGrantsResponse' with the minimum fields required to make a request.------ Use one of the following lenses to modify other fields as desired:------ * 'lgrsTruncated'------ * 'lgrsGrants'------ * 'lgrsNextMarker'------ * 'lgrsResponseStatus'-listGrantsResponse- :: Int -- ^ 'lgrsResponseStatus'- -> ListGrantsResponse-listGrantsResponse pResponseStatus_ =- ListGrantsResponse'- { _lgrsTruncated = Nothing- , _lgrsGrants = Nothing- , _lgrsNextMarker = Nothing- , _lgrsResponseStatus = pResponseStatus_- }---- | A flag that indicates whether there are more items in the list. If your--- results were truncated, you can make a subsequent pagination request--- using the 'Marker' request parameter to retrieve more grants in the--- list.-lgrsTruncated :: Lens' ListGrantsResponse (Maybe Bool)-lgrsTruncated = lens _lgrsTruncated (\ s a -> s{_lgrsTruncated = a});---- | A list of grants.-lgrsGrants :: Lens' ListGrantsResponse [GrantListEntry]-lgrsGrants = lens _lgrsGrants (\ s a -> s{_lgrsGrants = a}) . _Default . _Coerce;---- | If 'Truncated' is true, this value is present and contains the value to--- use for the 'Marker' request parameter in a subsequent pagination--- request.-lgrsNextMarker :: Lens' ListGrantsResponse (Maybe Text)-lgrsNextMarker = lens _lgrsNextMarker (\ s a -> s{_lgrsNextMarker = a});---- | The response status code.-lgrsResponseStatus :: Lens' ListGrantsResponse Int-lgrsResponseStatus = lens _lgrsResponseStatus (\ s a -> s{_lgrsResponseStatus = a});
gen/Network/AWS/KMS/ListKeyPolicies.hs view
@@ -73,17 +73,20 @@ , _lkpKeyId = pKeyId_ } --- | Use this parameter only when paginating results, and only in a--- subsequent request after you\'ve received a response where the results--- are truncated. Set it to the value of the 'NextMarker' in the response--- you just received.+-- | Use this parameter only when paginating results and only in a subsequent+-- request after you\'ve received a response with truncated results. Set it+-- to the value of 'NextMarker' from the response you just received. lkpMarker :: Lens' ListKeyPolicies (Maybe Text) lkpMarker = lens _lkpMarker (\ s a -> s{_lkpMarker = a}); --- | Specify this parameter only when paginating results to indicate the--- maximum number of policies you want listed in the response. If there are--- additional policies beyond the maximum you specify, the 'Truncated'--- response element will be set to 'true.'+-- | When paginating results, specify the maximum number of items to return+-- in the response. If additional items exist beyond the number you+-- specify, the 'Truncated' element in the response is set to true.+--+-- This value is optional. If you include a value, it must be between 1 and+-- 1000, inclusive. If you do not include a value, it defaults to 100.+--+-- Currently only 1 policy can be attached to a key. lkpLimit :: Lens' ListKeyPolicies (Maybe Natural) lkpLimit = lens _lkpLimit (\ s a -> s{_lkpLimit = a}) . mapping _Nat; @@ -172,15 +175,13 @@ lkprsPolicyNames = lens _lkprsPolicyNames (\ s a -> s{_lkprsPolicyNames = a}) . _Default . _Coerce; -- | A flag that indicates whether there are more items in the list. If your--- results were truncated, you can make a subsequent pagination request--- using the 'Marker' request parameter to retrieve more policies in the--- list.+-- results were truncated, you can use the 'Marker' parameter to make a+-- subsequent pagination request to retrieve more items in the list. lkprsTruncated :: Lens' ListKeyPoliciesResponse (Maybe Bool) lkprsTruncated = lens _lkprsTruncated (\ s a -> s{_lkprsTruncated = a}); --- | If 'Truncated' is true, this value is present and contains the value to--- use for the 'Marker' request parameter in a subsequent pagination--- request.+-- | When 'Truncated' is true, this value is present and contains the value+-- to use for the 'Marker' parameter in a subsequent pagination request. lkprsNextMarker :: Lens' ListKeyPoliciesResponse (Maybe Text) lkprsNextMarker = lens _lkprsNextMarker (\ s a -> s{_lkprsNextMarker = a});
gen/Network/AWS/KMS/ListKeys.hs view
@@ -67,17 +67,18 @@ , _lkLimit = Nothing } --- | Use this parameter only when paginating results, and only in a--- subsequent request after you\'ve received a response where the results--- are truncated. Set it to the value of the 'NextMarker' in the response--- you just received.+-- | Use this parameter only when paginating results and only in a subsequent+-- request after you\'ve received a response with truncated results. Set it+-- to the value of 'NextMarker' from the response you just received. lkMarker :: Lens' ListKeys (Maybe Text) lkMarker = lens _lkMarker (\ s a -> s{_lkMarker = a}); --- | Specify this parameter only when paginating results to indicate the--- maximum number of keys you want listed in the response. If there are--- additional keys beyond the maximum you specify, the 'Truncated' response--- element will be set to 'true.'+-- | When paginating results, specify the maximum number of items to return+-- in the response. If additional items exist beyond the number you+-- specify, the 'Truncated' element in the response is set to true.+--+-- This value is optional. If you include a value, it must be between 1 and+-- 1000, inclusive. If you do not include a value, it defaults to 100. lkLimit :: Lens' ListKeys (Maybe Natural) lkLimit = lens _lkLimit (\ s a -> s{_lkLimit = a}) . mapping _Nat; @@ -145,8 +146,8 @@ } -- | A flag that indicates whether there are more items in the list. If your--- results were truncated, you can make a subsequent pagination request--- using the 'Marker' request parameter to retrieve more keys in the list.+-- results were truncated, you can use the 'Marker' parameter to make a+-- subsequent pagination request to retrieve more items in the list. lkrsTruncated :: Lens' ListKeysResponse (Maybe Bool) lkrsTruncated = lens _lkrsTruncated (\ s a -> s{_lkrsTruncated = a}); @@ -154,9 +155,8 @@ lkrsKeys :: Lens' ListKeysResponse [KeyListEntry] lkrsKeys = lens _lkrsKeys (\ s a -> s{_lkrsKeys = a}) . _Default . _Coerce; --- | If 'Truncated' is true, this value is present and contains the value to--- use for the 'Marker' request parameter in a subsequent pagination--- request.+-- | When 'Truncated' is true, this value is present and contains the value+-- to use for the 'Marker' parameter in a subsequent pagination request. lkrsNextMarker :: Lens' ListKeysResponse (Maybe Text) lkrsNextMarker = lens _lkrsNextMarker (\ s a -> s{_lkrsNextMarker = a});
+ gen/Network/AWS/KMS/ListRetirableGrants.hs view
@@ -0,0 +1,133 @@+{-# LANGUAGE DeriveDataTypeable #-}+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE TypeFamilies #-}++{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-binds #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Network.AWS.KMS.ListRetirableGrants+-- Copyright : (c) 2013-2015 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay <brendan.g.hay@gmail.com>+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Returns a list of all grants for which the grant\'s 'RetiringPrincipal'+-- matches the one specified.+--+-- A typical use is to list all grants that you are able to retire. To+-- retire a grant, use RetireGrant.+--+-- /See:/ <http://docs.aws.amazon.com/kms/latest/APIReference/API_ListRetirableGrants.html AWS API Reference> for ListRetirableGrants.+module Network.AWS.KMS.ListRetirableGrants+ (+ -- * Creating a Request+ listRetirableGrants+ , ListRetirableGrants+ -- * Request Lenses+ , lrgMarker+ , lrgLimit+ , lrgRetiringPrincipal++ -- * Destructuring the Response+ , listGrantsResponse+ , ListGrantsResponse+ -- * Response Lenses+ , lgTruncated+ , lgGrants+ , lgNextMarker+ ) where++import Network.AWS.KMS.Types+import Network.AWS.KMS.Types.Product+import Network.AWS.Prelude+import Network.AWS.Request+import Network.AWS.Response++-- | /See:/ 'listRetirableGrants' smart constructor.+data ListRetirableGrants = ListRetirableGrants'+ { _lrgMarker :: !(Maybe Text)+ , _lrgLimit :: !(Maybe Nat)+ , _lrgRetiringPrincipal :: !Text+ } deriving (Eq,Read,Show,Data,Typeable,Generic)++-- | Creates a value of 'ListRetirableGrants' with the minimum fields required to make a request.+--+-- Use one of the following lenses to modify other fields as desired:+--+-- * 'lrgMarker'+--+-- * 'lrgLimit'+--+-- * 'lrgRetiringPrincipal'+listRetirableGrants+ :: Text -- ^ 'lrgRetiringPrincipal'+ -> ListRetirableGrants+listRetirableGrants pRetiringPrincipal_ =+ ListRetirableGrants'+ { _lrgMarker = Nothing+ , _lrgLimit = Nothing+ , _lrgRetiringPrincipal = pRetiringPrincipal_+ }++-- | Use this parameter only when paginating results and only in a subsequent+-- request after you\'ve received a response with truncated results. Set it+-- to the value of 'NextMarker' from the response you just received.+lrgMarker :: Lens' ListRetirableGrants (Maybe Text)+lrgMarker = lens _lrgMarker (\ s a -> s{_lrgMarker = a});++-- | When paginating results, specify the maximum number of items to return+-- in the response. If additional items exist beyond the number you+-- specify, the 'Truncated' element in the response is set to true.+--+-- This value is optional. If you include a value, it must be between 1 and+-- 100, inclusive. If you do not include a value, it defaults to 50.+lrgLimit :: Lens' ListRetirableGrants (Maybe Natural)+lrgLimit = lens _lrgLimit (\ s a -> s{_lrgLimit = a}) . mapping _Nat;++-- | The retiring principal for which to list grants.+--+-- To specify the retiring principal, use the+-- <http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Name (ARN)>+-- of an AWS principal. Valid AWS principals include AWS accounts (root),+-- IAM users, federated users, and assumed role users. For examples of the+-- ARN syntax for specifying a principal, go to+-- <http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-iam AWS Identity and Access Management (IAM)>+-- in the Example ARNs section of the /Amazon Web Services General+-- Reference/.+lrgRetiringPrincipal :: Lens' ListRetirableGrants Text+lrgRetiringPrincipal = lens _lrgRetiringPrincipal (\ s a -> s{_lrgRetiringPrincipal = a});++instance AWSRequest ListRetirableGrants where+ type Rs ListRetirableGrants = ListGrantsResponse+ request = postJSON kMS+ response = receiveJSON (\ s h x -> eitherParseJSON x)++instance ToHeaders ListRetirableGrants where+ toHeaders+ = const+ (mconcat+ ["X-Amz-Target" =#+ ("TrentService.ListRetirableGrants" :: ByteString),+ "Content-Type" =#+ ("application/x-amz-json-1.1" :: ByteString)])++instance ToJSON ListRetirableGrants where+ toJSON ListRetirableGrants'{..}+ = object+ (catMaybes+ [("Marker" .=) <$> _lrgMarker,+ ("Limit" .=) <$> _lrgLimit,+ Just ("RetiringPrincipal" .= _lrgRetiringPrincipal)])++instance ToPath ListRetirableGrants where+ toPath = const "/"++instance ToQuery ListRetirableGrants where+ toQuery = const mempty
gen/Network/AWS/KMS/PutKeyPolicy.hs view
@@ -85,7 +85,9 @@ pkpPolicyName :: Lens' PutKeyPolicy Text pkpPolicyName = lens _pkpPolicyName (\ s a -> s{_pkpPolicyName = a}); --- | The policy, in JSON format, to be attached to the key.+-- | The policy to attach to the key. This is required and delegates back to+-- the account. The key is the root of trust. The policy size limit is 32+-- KiB (32768 bytes). pkpPolicy :: Lens' PutKeyPolicy Text pkpPolicy = lens _pkpPolicy (\ s a -> s{_pkpPolicy = a});
gen/Network/AWS/KMS/ReEncrypt.hs view
@@ -105,8 +105,11 @@ reSourceEncryptionContext :: Lens' ReEncrypt (HashMap Text Text) reSourceEncryptionContext = lens _reSourceEncryptionContext (\ s a -> s{_reSourceEncryptionContext = a}) . _Default . _Map; --- | For more information, see--- <http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token Grant Tokens>.+-- | A list of grant tokens.+--+-- For more information, go to+-- <http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token Grant Tokens>+-- in the /AWS Key Management Service Developer Guide/. reGrantTokens :: Lens' ReEncrypt [Text] reGrantTokens = lens _reGrantTokens (\ s a -> s{_reGrantTokens = a}) . _Default . _Coerce;
+ gen/Network/AWS/KMS/ScheduleKeyDeletion.hs view
@@ -0,0 +1,180 @@+{-# LANGUAGE DeriveDataTypeable #-}+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE TypeFamilies #-}++{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-binds #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Network.AWS.KMS.ScheduleKeyDeletion+-- Copyright : (c) 2013-2015 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay <brendan.g.hay@gmail.com>+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Schedules the deletion of a customer master key (CMK). You may provide a+-- waiting period, specified in days, before deletion occurs. If you do not+-- provide a waiting period, the default period of 30 days is used. When+-- this operation is successful, the state of the CMK changes to+-- 'PendingDeletion'. Before the waiting period ends, you can use+-- CancelKeyDeletion to cancel the deletion of the CMK. After the waiting+-- period ends, AWS KMS deletes the CMK and all AWS KMS data associated+-- with it, including all aliases that point to it.+--+-- Deleting a CMK is a destructive and potentially dangerous operation.+-- When a CMK is deleted, all data that was encrypted under the CMK is+-- rendered unrecoverable. To restrict the use of a CMK without deleting+-- it, use DisableKey.+--+-- For more information about scheduling a CMK for deletion, go to+-- <http://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys.html Deleting Customer Master Keys>+-- in the /AWS Key Management Service Developer Guide/.+--+-- /See:/ <http://docs.aws.amazon.com/kms/latest/APIReference/API_ScheduleKeyDeletion.html AWS API Reference> for ScheduleKeyDeletion.+module Network.AWS.KMS.ScheduleKeyDeletion+ (+ -- * Creating a Request+ scheduleKeyDeletion+ , ScheduleKeyDeletion+ -- * Request Lenses+ , skdPendingWindowInDays+ , skdKeyId++ -- * Destructuring the Response+ , scheduleKeyDeletionResponse+ , ScheduleKeyDeletionResponse+ -- * Response Lenses+ , skdrsKeyId+ , skdrsDeletionDate+ , skdrsResponseStatus+ ) where++import Network.AWS.KMS.Types+import Network.AWS.KMS.Types.Product+import Network.AWS.Prelude+import Network.AWS.Request+import Network.AWS.Response++-- | /See:/ 'scheduleKeyDeletion' smart constructor.+data ScheduleKeyDeletion = ScheduleKeyDeletion'+ { _skdPendingWindowInDays :: !(Maybe Nat)+ , _skdKeyId :: !Text+ } deriving (Eq,Read,Show,Data,Typeable,Generic)++-- | Creates a value of 'ScheduleKeyDeletion' with the minimum fields required to make a request.+--+-- Use one of the following lenses to modify other fields as desired:+--+-- * 'skdPendingWindowInDays'+--+-- * 'skdKeyId'+scheduleKeyDeletion+ :: Text -- ^ 'skdKeyId'+ -> ScheduleKeyDeletion+scheduleKeyDeletion pKeyId_ =+ ScheduleKeyDeletion'+ { _skdPendingWindowInDays = Nothing+ , _skdKeyId = pKeyId_+ }++-- | The waiting period, specified in number of days. After the waiting+-- period ends, AWS KMS deletes the customer master key (CMK).+--+-- This value is optional. If you include a value, it must be between 7 and+-- 30, inclusive. If you do not include a value, it defaults to 30.+skdPendingWindowInDays :: Lens' ScheduleKeyDeletion (Maybe Natural)+skdPendingWindowInDays = lens _skdPendingWindowInDays (\ s a -> s{_skdPendingWindowInDays = a}) . mapping _Nat;++-- | The unique identifier for the customer master key (CMK) to delete.+--+-- To specify this value, use the unique key ID or the Amazon Resource Name+-- (ARN) of the CMK. Examples:+--+-- - Unique key ID: 1234abcd-12ab-34cd-56ef-1234567890ab+-- - Key ARN:+-- arn:aws:kms:us-west-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab+--+-- To obtain the unique key ID and key ARN for a given CMK, use ListKeys or+-- DescribeKey.+skdKeyId :: Lens' ScheduleKeyDeletion Text+skdKeyId = lens _skdKeyId (\ s a -> s{_skdKeyId = a});++instance AWSRequest ScheduleKeyDeletion where+ type Rs ScheduleKeyDeletion =+ ScheduleKeyDeletionResponse+ request = postJSON kMS+ response+ = receiveJSON+ (\ s h x ->+ ScheduleKeyDeletionResponse' <$>+ (x .?> "KeyId") <*> (x .?> "DeletionDate") <*>+ (pure (fromEnum s)))++instance ToHeaders ScheduleKeyDeletion where+ toHeaders+ = const+ (mconcat+ ["X-Amz-Target" =#+ ("TrentService.ScheduleKeyDeletion" :: ByteString),+ "Content-Type" =#+ ("application/x-amz-json-1.1" :: ByteString)])++instance ToJSON ScheduleKeyDeletion where+ toJSON ScheduleKeyDeletion'{..}+ = object+ (catMaybes+ [("PendingWindowInDays" .=) <$>+ _skdPendingWindowInDays,+ Just ("KeyId" .= _skdKeyId)])++instance ToPath ScheduleKeyDeletion where+ toPath = const "/"++instance ToQuery ScheduleKeyDeletion where+ toQuery = const mempty++-- | /See:/ 'scheduleKeyDeletionResponse' smart constructor.+data ScheduleKeyDeletionResponse = ScheduleKeyDeletionResponse'+ { _skdrsKeyId :: !(Maybe Text)+ , _skdrsDeletionDate :: !(Maybe POSIX)+ , _skdrsResponseStatus :: !Int+ } deriving (Eq,Read,Show,Data,Typeable,Generic)++-- | Creates a value of 'ScheduleKeyDeletionResponse' with the minimum fields required to make a request.+--+-- Use one of the following lenses to modify other fields as desired:+--+-- * 'skdrsKeyId'+--+-- * 'skdrsDeletionDate'+--+-- * 'skdrsResponseStatus'+scheduleKeyDeletionResponse+ :: Int -- ^ 'skdrsResponseStatus'+ -> ScheduleKeyDeletionResponse+scheduleKeyDeletionResponse pResponseStatus_ =+ ScheduleKeyDeletionResponse'+ { _skdrsKeyId = Nothing+ , _skdrsDeletionDate = Nothing+ , _skdrsResponseStatus = pResponseStatus_+ }++-- | The unique identifier of the customer master key (CMK) for which+-- deletion is scheduled.+skdrsKeyId :: Lens' ScheduleKeyDeletionResponse (Maybe Text)+skdrsKeyId = lens _skdrsKeyId (\ s a -> s{_skdrsKeyId = a});++-- | The date and time after which AWS KMS deletes the customer master key+-- (CMK).+skdrsDeletionDate :: Lens' ScheduleKeyDeletionResponse (Maybe UTCTime)+skdrsDeletionDate = lens _skdrsDeletionDate (\ s a -> s{_skdrsDeletionDate = a}) . mapping _Time;++-- | The response status code.+skdrsResponseStatus :: Lens' ScheduleKeyDeletionResponse Int+skdrsResponseStatus = lens _skdrsResponseStatus (\ s a -> s{_skdrsResponseStatus = a});
gen/Network/AWS/KMS/Types.hs view
@@ -17,6 +17,7 @@ -- * Errors , _InvalidMarkerException+ , _KMSInvalidStateException , _InvalidKeyUsageException , _MalformedPolicyDocumentException , _UnsupportedOperationException@@ -25,6 +26,7 @@ , _KMSInternalException , _NotFoundException , _InvalidAliasNameException+ , _InvalidGrantIdException , _InvalidGrantTokenException , _InvalidARNException , _DependencyTimeoutException@@ -38,6 +40,9 @@ -- * GrantOperation , GrantOperation (..) + -- * KeyState+ , KeyState (..)+ -- * KeyUsageType , KeyUsageType (..) @@ -57,11 +62,14 @@ -- * GrantListEntry , GrantListEntry , grantListEntry+ , gleKeyId , gleRetiringPrincipal , gleIssuingAccount , gleGrantId , gleConstraints , gleGranteePrincipal+ , gleName+ , gleCreationDate , gleOperations -- * KeyListEntry@@ -75,11 +83,20 @@ , keyMetadata , kmEnabled , kmARN+ , kmKeyState , kmAWSAccountId , kmKeyUsage , kmCreationDate+ , kmDeletionDate , kmDescription , kmKeyId++ -- * ListGrantsResponse+ , ListGrantsResponse+ , listGrantsResponse+ , lgTruncated+ , lgGrants+ , lgNextMarker ) where import Network.AWS.KMS.Types.Product@@ -124,6 +141,17 @@ _InvalidMarkerException = _ServiceError . hasStatus 400 . hasCode "InvalidMarker" +-- | The request was rejected because the state of the specified resource is+-- not valid for this request.+--+-- For more information about how key state affects the use of a customer+-- master key (CMK), go to+-- <http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html How Key State Affects the Use of a Customer Master Key>+-- in the /AWS Key Management Service Developer Guide/.+_KMSInvalidStateException :: AsError a => Getting (First ServiceError) a ServiceError+_KMSInvalidStateException =+ _ServiceError . hasStatus 409 . hasCode "KMSInvalidStateException"+ -- | The request was rejected because the specified KeySpec parameter is not -- valid. The currently supported value is ENCRYPT\/DECRYPT. _InvalidKeyUsageException :: AsError a => Getting (First ServiceError) a ServiceError@@ -141,18 +169,19 @@ _UnsupportedOperationException = _ServiceError . hasStatus 400 . hasCode "UnsupportedOperation" --- | A request was rejected because the specified key was marked as disabled.+-- | The request was rejected because the specified key was marked as+-- disabled. _DisabledException :: AsError a => Getting (First ServiceError) a ServiceError _DisabledException = _ServiceError . hasStatus 409 . hasCode "Disabled" --- | The request was rejected because the key was disabled, not found, or--- otherwise not available.+-- | The request was rejected because the key was not available. The request+-- can be retried. _KeyUnavailableException :: AsError a => Getting (First ServiceError) a ServiceError _KeyUnavailableException = _ServiceError . hasStatus 500 . hasCode "KeyUnavailable" --- | The request was rejected because an internal exception occurred. This--- error can be retried.+-- | The request was rejected because an internal exception occurred. The+-- request can be retried. _KMSInternalException :: AsError a => Getting (First ServiceError) a ServiceError _KMSInternalException = _ServiceError . hasStatus 500 . hasCode "KMSInternal" @@ -166,7 +195,13 @@ _InvalidAliasNameException = _ServiceError . hasStatus 400 . hasCode "InvalidAliasName" --- | A grant token provided as part of the request is invalid.+-- | The request was rejected because the specified 'GrantId' is not valid.+_InvalidGrantIdException :: AsError a => Getting (First ServiceError) a ServiceError+_InvalidGrantIdException =+ _ServiceError . hasStatus 400 . hasCode "InvalidGrantId"++-- | The request was rejected because a grant token provided as part of the+-- request is invalid. _InvalidGrantTokenException :: AsError a => Getting (First ServiceError) a ServiceError _InvalidGrantTokenException = _ServiceError . hasStatus 400 . hasCode "InvalidGrantToken"@@ -175,7 +210,8 @@ _InvalidARNException :: AsError a => Getting (First ServiceError) a ServiceError _InvalidARNException = _ServiceError . hasStatus 400 . hasCode "InvalidArn" --- | The system timed out while trying to fulfill the request.+-- | The system timed out while trying to fulfill the request. The request+-- can be retried. _DependencyTimeoutException :: AsError a => Getting (First ServiceError) a ServiceError _DependencyTimeoutException = _ServiceError . hasStatus 503 . hasCode "DependencyTimeout"@@ -192,7 +228,10 @@ _AlreadyExistsException = _ServiceError . hasStatus 400 . hasCode "AlreadyExists" --- | The request was rejected because a quota was exceeded.+-- | The request was rejected because a limit was exceeded. For more+-- information, see+-- <http://docs.aws.amazon.com/kms/latest/developerguide/limits.html Limits>+-- in the /AWS Key Management Service Developer Guide/. _LimitExceededException :: AsError a => Getting (First ServiceError) a ServiceError _LimitExceededException = _ServiceError . hasStatus 400 . hasCode "LimitExceeded"
gen/Network/AWS/KMS/Types/Product.hs view
@@ -67,8 +67,15 @@ (x .:? "TargetKeyId") <*> (x .:? "AliasName") <*> (x .:? "AliasArn")) --- | Contains constraints on the grant.+-- | A structure for specifying the conditions under which the operations+-- permitted by the grant are allowed. --+-- You can use this structure to allow the operations permitted by the+-- grant only when a specified encryption context is present. For more+-- information about encryption context, see+-- <http://docs.aws.amazon.com/kms/latest/developerguide/encrypt-context.html Encryption Context>+-- in the /AWS Key Management Service Developer Guide/.+-- -- /See:/ 'grantConstraints' smart constructor. data GrantConstraints = GrantConstraints' { _gcEncryptionContextEquals :: !(Maybe (Map Text Text))@@ -90,12 +97,19 @@ , _gcEncryptionContextSubset = Nothing } --- | The constraint contains additional key\/value pairs that serve to--- further limit the grant.+-- | Contains a list of key-value pairs that must be present in the+-- encryption context of a subsequent operation permitted by the grant.+-- When a subsequent operation permitted by the grant includes an+-- encryption context that matches this list, the grant allows the+-- operation. Otherwise, the operation is not allowed. gcEncryptionContextEquals :: Lens' GrantConstraints (HashMap Text Text) gcEncryptionContextEquals = lens _gcEncryptionContextEquals (\ s a -> s{_gcEncryptionContextEquals = a}) . _Default . _Map; --- | The constraint equals the full encryption context.+-- | Contains a list of key-value pairs, a subset of which must be present in+-- the encryption context of a subsequent operation permitted by the grant.+-- When a subsequent operation permitted by the grant includes an+-- encryption context that matches this list or is a subset of this list,+-- the grant allows the operation. Otherwise, the operation is not allowed. gcEncryptionContextSubset :: Lens' GrantConstraints (HashMap Text Text) gcEncryptionContextSubset = lens _gcEncryptionContextSubset (\ s a -> s{_gcEncryptionContextSubset = a}) . _Default . _Map; @@ -116,15 +130,18 @@ ("EncryptionContextSubset" .=) <$> _gcEncryptionContextSubset]) --- | Contains information about each entry in the grant list.+-- | Contains information about an entry in a list of grants. -- -- /See:/ 'grantListEntry' smart constructor. data GrantListEntry = GrantListEntry'- { _gleRetiringPrincipal :: !(Maybe Text)+ { _gleKeyId :: !(Maybe Text)+ , _gleRetiringPrincipal :: !(Maybe Text) , _gleIssuingAccount :: !(Maybe Text) , _gleGrantId :: !(Maybe Text) , _gleConstraints :: !(Maybe GrantConstraints) , _gleGranteePrincipal :: !(Maybe Text)+ , _gleName :: !(Maybe Text)+ , _gleCreationDate :: !(Maybe POSIX) , _gleOperations :: !(Maybe [GrantOperation]) } deriving (Eq,Read,Show,Data,Typeable,Generic) @@ -132,6 +149,8 @@ -- -- Use one of the following lenses to modify other fields as desired: --+-- * 'gleKeyId'+-- -- * 'gleRetiringPrincipal' -- -- * 'gleIssuingAccount'@@ -142,50 +161,62 @@ -- -- * 'gleGranteePrincipal' --+-- * 'gleName'+--+-- * 'gleCreationDate'+-- -- * 'gleOperations' grantListEntry :: GrantListEntry grantListEntry = GrantListEntry'- { _gleRetiringPrincipal = Nothing+ { _gleKeyId = Nothing+ , _gleRetiringPrincipal = Nothing , _gleIssuingAccount = Nothing , _gleGrantId = Nothing , _gleConstraints = Nothing , _gleGranteePrincipal = Nothing+ , _gleName = Nothing+ , _gleCreationDate = Nothing , _gleOperations = Nothing } --- | The principal that can retire the account.+-- | The unique identifier for the customer master key (CMK) to which the+-- grant applies.+gleKeyId :: Lens' GrantListEntry (Maybe Text)+gleKeyId = lens _gleKeyId (\ s a -> s{_gleKeyId = a});++-- | The principal that can retire the grant. gleRetiringPrincipal :: Lens' GrantListEntry (Maybe Text) gleRetiringPrincipal = lens _gleRetiringPrincipal (\ s a -> s{_gleRetiringPrincipal = a}); --- | The account under which the grant was issued.+-- | The AWS account under which the grant was issued. gleIssuingAccount :: Lens' GrantListEntry (Maybe Text) gleIssuingAccount = lens _gleIssuingAccount (\ s a -> s{_gleIssuingAccount = a}); --- | Unique grant identifier.+-- | The unique identifier for the grant. gleGrantId :: Lens' GrantListEntry (Maybe Text) gleGrantId = lens _gleGrantId (\ s a -> s{_gleGrantId = a}); --- | Specifies the conditions under which the actions specified by the--- 'Operations' parameter are allowed.+-- | The conditions under which the grant\'s operations are allowed. gleConstraints :: Lens' GrantListEntry (Maybe GrantConstraints) gleConstraints = lens _gleConstraints (\ s a -> s{_gleConstraints = a}); --- | The principal that receives the grant permission.+-- | The principal that receives the grant\'s permissions. gleGranteePrincipal :: Lens' GrantListEntry (Maybe Text) gleGranteePrincipal = lens _gleGranteePrincipal (\ s a -> s{_gleGranteePrincipal = a}); --- | List of operations permitted by the grant. This can be any combination--- of one or more of the following values:------ 1. Decrypt--- 2. Encrypt--- 3. GenerateDataKey--- 4. GenerateDataKeyWithoutPlaintext--- 5. ReEncryptFrom--- 6. ReEncryptTo--- 7. CreateGrant+-- | The friendly name that identifies the grant. If a name was provided in+-- the CreateGrant request, that name is returned. Otherwise this value is+-- null.+gleName :: Lens' GrantListEntry (Maybe Text)+gleName = lens _gleName (\ s a -> s{_gleName = a});++-- | The date and time when the grant was created.+gleCreationDate :: Lens' GrantListEntry (Maybe UTCTime)+gleCreationDate = lens _gleCreationDate (\ s a -> s{_gleCreationDate = a}) . mapping _Time;++-- | The list of operations permitted by the grant. gleOperations :: Lens' GrantListEntry [GrantOperation] gleOperations = lens _gleOperations (\ s a -> s{_gleOperations = a}) . _Default . _Coerce; @@ -194,11 +225,13 @@ = withObject "GrantListEntry" (\ x -> GrantListEntry' <$>- (x .:? "RetiringPrincipal") <*>+ (x .:? "KeyId") <*> (x .:? "RetiringPrincipal") <*> (x .:? "IssuingAccount") <*> (x .:? "GrantId") <*> (x .:? "Constraints") <*> (x .:? "GranteePrincipal")+ <*> (x .:? "Name")+ <*> (x .:? "CreationDate") <*> (x .:? "Operations" .!= mempty)) -- | Contains information about each entry in the key list.@@ -239,15 +272,20 @@ KeyListEntry' <$> (x .:? "KeyId") <*> (x .:? "KeyArn")) --- | Contains metadata associated with a specific key.+-- | Contains metadata about a customer master key (CMK). --+-- This data type is used as a response element for the CreateKey and+-- DescribeKey operations.+-- -- /See:/ 'keyMetadata' smart constructor. data KeyMetadata = KeyMetadata' { _kmEnabled :: !(Maybe Bool) , _kmARN :: !(Maybe Text)+ , _kmKeyState :: !(Maybe KeyState) , _kmAWSAccountId :: !(Maybe Text) , _kmKeyUsage :: !(Maybe KeyUsageType) , _kmCreationDate :: !(Maybe POSIX)+ , _kmDeletionDate :: !(Maybe POSIX) , _kmDescription :: !(Maybe Text) , _kmKeyId :: !Text } deriving (Eq,Read,Show,Data,Typeable,Generic)@@ -260,12 +298,16 @@ -- -- * 'kmARN' --+-- * 'kmKeyState'+-- -- * 'kmAWSAccountId' -- -- * 'kmKeyUsage' -- -- * 'kmCreationDate' --+-- * 'kmDeletionDate'+-- -- * 'kmDescription' -- -- * 'kmKeyId'@@ -276,38 +318,59 @@ KeyMetadata' { _kmEnabled = Nothing , _kmARN = Nothing+ , _kmKeyState = Nothing , _kmAWSAccountId = Nothing , _kmKeyUsage = Nothing , _kmCreationDate = Nothing+ , _kmDeletionDate = Nothing , _kmDescription = Nothing , _kmKeyId = pKeyId_ } --- | Value that specifies whether the key is enabled.+-- | Specifies whether the key is enabled. When 'KeyState' is 'Enabled' this+-- value is true, otherwise it is false. kmEnabled :: Lens' KeyMetadata (Maybe Bool) kmEnabled = lens _kmEnabled (\ s a -> s{_kmEnabled = a}); --- | Key ARN (Amazon Resource Name).+-- | The Amazon Resource Name (ARN) of the key. For examples, see+-- <http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-kms AWS Key Management Service (AWS KMS)>+-- in the Example ARNs section of the /AWS General Reference/. kmARN :: Lens' KeyMetadata (Maybe Text) kmARN = lens _kmARN (\ s a -> s{_kmARN = a}); --- | Account ID number.+-- | The state of the customer master key (CMK).+--+-- For more information about how key state affects the use of a CMK, go to+-- <http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html How Key State Affects the Use of a Customer Master Key>+-- in the /AWS Key Management Service Developer Guide/.+kmKeyState :: Lens' KeyMetadata (Maybe KeyState)+kmKeyState = lens _kmKeyState (\ s a -> s{_kmKeyState = a});++-- | The twelve-digit account ID of the AWS account that owns the key. kmAWSAccountId :: Lens' KeyMetadata (Maybe Text) kmAWSAccountId = lens _kmAWSAccountId (\ s a -> s{_kmAWSAccountId = a}); --- | A value that specifies what operation(s) the key can perform.+-- | The cryptographic operations for which you can use the key. Currently+-- the only allowed value is 'ENCRYPT_DECRYPT', which means you can use the+-- key for the Encrypt and Decrypt operations. kmKeyUsage :: Lens' KeyMetadata (Maybe KeyUsageType) kmKeyUsage = lens _kmKeyUsage (\ s a -> s{_kmKeyUsage = a}); --- | Date the key was created.+-- | The date and time when the key was created. kmCreationDate :: Lens' KeyMetadata (Maybe UTCTime) kmCreationDate = lens _kmCreationDate (\ s a -> s{_kmCreationDate = a}) . mapping _Time; --- | The description of the key.+-- | The date and time after which AWS KMS deletes the customer master key+-- (CMK). This value is present only when 'KeyState' is 'PendingDeletion',+-- otherwise this value is null.+kmDeletionDate :: Lens' KeyMetadata (Maybe UTCTime)+kmDeletionDate = lens _kmDeletionDate (\ s a -> s{_kmDeletionDate = a}) . mapping _Time;++-- | The friendly description of the key. kmDescription :: Lens' KeyMetadata (Maybe Text) kmDescription = lens _kmDescription (\ s a -> s{_kmDescription = a}); --- | Unique identifier for the key.+-- | The globally unique identifier for the key. kmKeyId :: Lens' KeyMetadata Text kmKeyId = lens _kmKeyId (\ s a -> s{_kmKeyId = a}); @@ -317,8 +380,58 @@ (\ x -> KeyMetadata' <$> (x .:? "Enabled") <*> (x .:? "Arn") <*>- (x .:? "AWSAccountId")+ (x .:? "KeyState")+ <*> (x .:? "AWSAccountId") <*> (x .:? "KeyUsage") <*> (x .:? "CreationDate")+ <*> (x .:? "DeletionDate") <*> (x .:? "Description") <*> (x .: "KeyId"))++-- | /See:/ 'listGrantsResponse' smart constructor.+data ListGrantsResponse = ListGrantsResponse'+ { _lgTruncated :: !(Maybe Bool)+ , _lgGrants :: !(Maybe [GrantListEntry])+ , _lgNextMarker :: !(Maybe Text)+ } deriving (Eq,Read,Show,Data,Typeable,Generic)++-- | Creates a value of 'ListGrantsResponse' with the minimum fields required to make a request.+--+-- Use one of the following lenses to modify other fields as desired:+--+-- * 'lgTruncated'+--+-- * 'lgGrants'+--+-- * 'lgNextMarker'+listGrantsResponse+ :: ListGrantsResponse+listGrantsResponse =+ ListGrantsResponse'+ { _lgTruncated = Nothing+ , _lgGrants = Nothing+ , _lgNextMarker = Nothing+ }++-- | A flag that indicates whether there are more items in the list. If your+-- results were truncated, you can use the 'Marker' parameter to make a+-- subsequent pagination request to retrieve more items in the list.+lgTruncated :: Lens' ListGrantsResponse (Maybe Bool)+lgTruncated = lens _lgTruncated (\ s a -> s{_lgTruncated = a});++-- | A list of grants.+lgGrants :: Lens' ListGrantsResponse [GrantListEntry]+lgGrants = lens _lgGrants (\ s a -> s{_lgGrants = a}) . _Default . _Coerce;++-- | When 'Truncated' is true, this value is present and contains the value+-- to use for the 'Marker' parameter in a subsequent pagination request.+lgNextMarker :: Lens' ListGrantsResponse (Maybe Text)+lgNextMarker = lens _lgNextMarker (\ s a -> s{_lgNextMarker = a});++instance FromJSON ListGrantsResponse where+ parseJSON+ = withObject "ListGrantsResponse"+ (\ x ->+ ListGrantsResponse' <$>+ (x .:? "Truncated") <*> (x .:? "Grants" .!= mempty)+ <*> (x .:? "NextMarker"))
gen/Network/AWS/KMS/Types/Sum.hs view
@@ -47,6 +47,7 @@ data GrantOperation = CreateGrant | Decrypt+ | DescribeKey | Encrypt | GenerateDataKey | GenerateDataKeyWithoutPlaintext@@ -59,6 +60,7 @@ parser = takeLowerText >>= \case "creategrant" -> pure CreateGrant "decrypt" -> pure Decrypt+ "describekey" -> pure DescribeKey "encrypt" -> pure Encrypt "generatedatakey" -> pure GenerateDataKey "generatedatakeywithoutplaintext" -> pure GenerateDataKeyWithoutPlaintext@@ -66,12 +68,13 @@ "reencryptto" -> pure ReEncryptTo "retiregrant" -> pure RetireGrant e -> fromTextError $ "Failure parsing GrantOperation from value: '" <> e- <> "'. Accepted values: CreateGrant, Decrypt, Encrypt, GenerateDataKey, GenerateDataKeyWithoutPlaintext, ReEncryptFrom, ReEncryptTo, RetireGrant"+ <> "'. Accepted values: CreateGrant, Decrypt, DescribeKey, Encrypt, GenerateDataKey, GenerateDataKeyWithoutPlaintext, ReEncryptFrom, ReEncryptTo, RetireGrant" instance ToText GrantOperation where toText = \case CreateGrant -> "CreateGrant" Decrypt -> "Decrypt"+ DescribeKey -> "DescribeKey" Encrypt -> "Encrypt" GenerateDataKey -> "GenerateDataKey" GenerateDataKeyWithoutPlaintext -> "GenerateDataKeyWithoutPlaintext"@@ -89,6 +92,34 @@ instance FromJSON GrantOperation where parseJSON = parseJSONText "GrantOperation"++data KeyState+ = Disabled+ | Enabled+ | PendingDeletion+ deriving (Eq,Ord,Read,Show,Enum,Data,Typeable,Generic)++instance FromText KeyState where+ parser = takeLowerText >>= \case+ "disabled" -> pure Disabled+ "enabled" -> pure Enabled+ "pendingdeletion" -> pure PendingDeletion+ e -> fromTextError $ "Failure parsing KeyState from value: '" <> e+ <> "'. Accepted values: Disabled, Enabled, PendingDeletion"++instance ToText KeyState where+ toText = \case+ Disabled -> "Disabled"+ Enabled -> "Enabled"+ PendingDeletion -> "PendingDeletion"++instance Hashable KeyState+instance ToByteString KeyState+instance ToQuery KeyState+instance ToHeader KeyState++instance FromJSON KeyState where+ parseJSON = parseJSONText "KeyState" data KeyUsageType = EncryptDecrypt
gen/Network/AWS/KMS/UpdateAlias.hs view
@@ -18,20 +18,20 @@ -- Stability : auto-generated -- Portability : non-portable (GHC extensions) ----- Updates an alias to associate it with a different key.+-- Updates an alias to map it to a different key. --+-- An alias is not a property of a key. Therefore, an alias can be mapped+-- to and unmapped from an existing key without changing the properties of+-- the key.+-- -- An alias name can contain only alphanumeric characters, forward slashes -- (\/), underscores (_), and dashes (-). An alias must start with the word -- \"alias\" followed by a forward slash (alias\/). An alias that begins -- with \"aws\" after the forward slash (alias\/aws...) is reserved by -- Amazon Web Services (AWS). ----- An alias is not a property of a key. Therefore, an alias can be--- associated with and disassociated from an existing key without changing--- the properties of the key.------ Note that you cannot create or update an alias that represents a key in--- another account.+-- The alias and the key it is mapped to must be in the same AWS account+-- and the same region. -- -- /See:/ <http://docs.aws.amazon.com/kms/latest/APIReference/API_UpdateAlias.html AWS API Reference> for UpdateAlias. module Network.AWS.KMS.UpdateAlias@@ -77,20 +77,23 @@ , _uaTargetKeyId = pTargetKeyId_ } --- | String that contains the name of the alias to be modifed. The name must+-- | String that contains the name of the alias to be modified. The name must -- start with the word \"alias\" followed by a forward slash (alias\/).--- Aliases that begin with \"alias\/AWS\" are reserved.+-- Aliases that begin with \"alias\/aws\" are reserved. uaAliasName :: Lens' UpdateAlias Text uaAliasName = lens _uaAliasName (\ s a -> s{_uaAliasName = a}); --- | Unique identifier of the customer master key to be associated with the--- alias. This value can be a globally unique identifier or the fully--- specified ARN of a key.+-- | Unique identifier of the customer master key to be mapped to the alias.+-- This value can be a globally unique identifier or the fully specified+-- ARN of a key. -- -- - Key ARN Example - -- arn:aws:kms:us-east-1:123456789012:key\/12345678-1234-1234-1234-123456789012 -- - Globally Unique Key ID Example - -- 12345678-1234-1234-1234-123456789012+--+-- You can call ListAliases to verify that the alias is mapped to the+-- correct 'TargetKeyId'. uaTargetKeyId :: Lens' UpdateAlias Text uaTargetKeyId = lens _uaTargetKeyId (\ s a -> s{_uaTargetKeyId = a});
test/Test/AWS/Gen/KMS.hs view
@@ -52,6 +52,9 @@ -- , testListAliases $ -- listAliases --+-- , testListRetirableGrants $+-- listRetirableGrants+-- -- , testGenerateRandom $ -- generateRandom --@@ -82,6 +85,9 @@ -- , testDescribeKey $ -- describeKey --+-- , testCancelKeyDeletion $+-- cancelKeyDeletion+-- -- , testDecrypt $ -- decrypt --@@ -94,6 +100,9 @@ -- , testListKeyPolicies $ -- listKeyPolicies --+-- , testScheduleKeyDeletion $+-- scheduleKeyDeletion+-- -- , testPutKeyPolicy $ -- putKeyPolicy --@@ -133,6 +142,9 @@ -- , testListAliasesResponse $ -- listAliasesResponse --+-- , testListRetirableGrantsResponse $+-- listGrantsResponse+-- -- , testGenerateRandomResponse $ -- generateRandomResponse --@@ -163,6 +175,9 @@ -- , testDescribeKeyResponse $ -- describeKeyResponse --+-- , testCancelKeyDeletionResponse $+-- cancelKeyDeletionResponse+-- -- , testDecryptResponse $ -- decryptResponse --@@ -175,6 +190,9 @@ -- , testListKeyPoliciesResponse $ -- listKeyPoliciesResponse --+-- , testScheduleKeyDeletionResponse $+-- scheduleKeyDeletionResponse+-- -- , testPutKeyPolicyResponse $ -- putKeyPolicyResponse --@@ -232,6 +250,11 @@ "ListAliases" "fixture/ListAliases.yaml" +testListRetirableGrants :: ListRetirableGrants -> TestTree+testListRetirableGrants = req+ "ListRetirableGrants"+ "fixture/ListRetirableGrants.yaml"+ testGenerateRandom :: GenerateRandom -> TestTree testGenerateRandom = req "GenerateRandom"@@ -282,6 +305,11 @@ "DescribeKey" "fixture/DescribeKey.yaml" +testCancelKeyDeletion :: CancelKeyDeletion -> TestTree+testCancelKeyDeletion = req+ "CancelKeyDeletion"+ "fixture/CancelKeyDeletion.yaml"+ testDecrypt :: Decrypt -> TestTree testDecrypt = req "Decrypt"@@ -302,6 +330,11 @@ "ListKeyPolicies" "fixture/ListKeyPolicies.yaml" +testScheduleKeyDeletion :: ScheduleKeyDeletion -> TestTree+testScheduleKeyDeletion = req+ "ScheduleKeyDeletion"+ "fixture/ScheduleKeyDeletion.yaml"+ testPutKeyPolicy :: PutKeyPolicy -> TestTree testPutKeyPolicy = req "PutKeyPolicy"@@ -380,6 +413,13 @@ kMS (Proxy :: Proxy ListAliases) +testListRetirableGrantsResponse :: ListGrantsResponse -> TestTree+testListRetirableGrantsResponse = res+ "ListRetirableGrantsResponse"+ "fixture/ListRetirableGrantsResponse.proto"+ kMS+ (Proxy :: Proxy ListRetirableGrants)+ testGenerateRandomResponse :: GenerateRandomResponse -> TestTree testGenerateRandomResponse = res "GenerateRandomResponse"@@ -450,6 +490,13 @@ kMS (Proxy :: Proxy DescribeKey) +testCancelKeyDeletionResponse :: CancelKeyDeletionResponse -> TestTree+testCancelKeyDeletionResponse = res+ "CancelKeyDeletionResponse"+ "fixture/CancelKeyDeletionResponse.proto"+ kMS+ (Proxy :: Proxy CancelKeyDeletion)+ testDecryptResponse :: DecryptResponse -> TestTree testDecryptResponse = res "DecryptResponse"@@ -477,6 +524,13 @@ "fixture/ListKeyPoliciesResponse.proto" kMS (Proxy :: Proxy ListKeyPolicies)++testScheduleKeyDeletionResponse :: ScheduleKeyDeletionResponse -> TestTree+testScheduleKeyDeletionResponse = res+ "ScheduleKeyDeletionResponse"+ "fixture/ScheduleKeyDeletionResponse.proto"+ kMS+ (Proxy :: Proxy ScheduleKeyDeletion) testPutKeyPolicyResponse :: PutKeyPolicyResponse -> TestTree testPutKeyPolicyResponse = res