{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE TypeFamilies #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-binds #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.IAM.UpdateOpenIDConnectProviderThumbprint
-- Copyright   : (c) 2013-2023 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
--
-- Replaces the existing list of server certificate thumbprints associated
-- with an OpenID Connect (OIDC) provider resource object with a new list
-- of thumbprints.
--
-- The list that you pass with this operation completely replaces the
-- existing list of thumbprints. (The lists are not merged.)
--
-- Typically, you need to update a thumbprint only when the identity
-- provider certificate changes, which occurs rarely. However, if the
-- provider\'s certificate /does/ change, any attempt to assume an IAM role
-- that specifies the OIDC provider as a principal fails until the
-- certificate thumbprint is updated.
--
-- Amazon Web Services secures communication with some OIDC identity
-- providers (IdPs) through our library of trusted certificate authorities
-- (CAs) instead of using a certificate thumbprint to verify your IdP
-- server certificate. These OIDC IdPs include Google, and those that use
-- an Amazon S3 bucket to host a JSON Web Key Set (JWKS) endpoint. In these
-- cases, your legacy thumbprint remains in your configuration, but is no
-- longer used for validation.
--
-- Trust for the OIDC provider is derived from the provider certificate and
-- is validated by the thumbprint. Therefore, it is best to limit access to
-- the @UpdateOpenIDConnectProviderThumbprint@ operation to highly
-- privileged users.
module Amazonka.IAM.UpdateOpenIDConnectProviderThumbprint
  ( -- * Creating a Request
    UpdateOpenIDConnectProviderThumbprint (..),
    newUpdateOpenIDConnectProviderThumbprint,

    -- * Request Lenses
    updateOpenIDConnectProviderThumbprint_openIDConnectProviderArn,
    updateOpenIDConnectProviderThumbprint_thumbprintList,

    -- * Destructuring the Response
    UpdateOpenIDConnectProviderThumbprintResponse (..),
    newUpdateOpenIDConnectProviderThumbprintResponse,
  )
where

import qualified Amazonka.Core as Core
import qualified Amazonka.Core.Lens.Internal as Lens
import qualified Amazonka.Data as Data
import Amazonka.IAM.Types
import qualified Amazonka.Prelude as Prelude
import qualified Amazonka.Request as Request
import qualified Amazonka.Response as Response

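-- | Request record for the @UpdateOpenIDConnectProviderThumbprint@
-- operation.
--
-- The thumbprint list carried here replaces the existing list of the
-- provider in full (the lists are not merged), and trust for the OIDC
-- provider is validated by the thumbprint. A request built from this type
-- therefore changes which certificate thumbprints are accepted for that
-- provider.
--
-- /See:/ 'newUpdateOpenIDConnectProviderThumbprint' smart constructor.
data UpdateOpenIDConnectProviderThumbprint = UpdateOpenIDConnectProviderThumbprint'
  { -- | The Amazon Resource Name (ARN) of the IAM OIDC provider resource object
    -- for which you want to update the thumbprint. You can get a list of OIDC
    -- provider ARNs by using the ListOpenIDConnectProviders operation.
    --
    -- For more information about ARNs, see
    -- <https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs)>
    -- in the /Amazon Web Services General Reference/.
    openIDConnectProviderArn :: Prelude.Text,
    -- | A list of certificate thumbprints that are associated with the specified
    -- IAM OpenID Connect provider. For more information, see
    -- CreateOpenIDConnectProvider.
    --
    -- This is the complete replacement list, not a set of additions.
    thumbprintList :: [Prelude.Text]
  }
  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)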

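-- |
-- Create a value of 'UpdateOpenIDConnectProviderThumbprint' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'openIDConnectProviderArn', 'updateOpenIDConnectProviderThumbprint_openIDConnectProviderArn' - The Amazon Resource Name (ARN) of the IAM OIDC provider resource object
-- for which you want to update the thumbprint. You can get a list of OIDC
-- provider ARNs by using the ListOpenIDConnectProviders operation.
--
-- For more information about ARNs, see
-- <https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs)>
-- in the /Amazon Web Services General Reference/.
--
-- 'thumbprintList', 'updateOpenIDConnectProviderThumbprint_thumbprintList' - A list of certificate thumbprints that are associated with the specified
-- IAM OpenID Connect provider. For more information, see
-- CreateOpenIDConnectProvider.
--
-- The returned value has 'thumbprintList' set to 'Prelude.mempty'. Because
-- the list sent with this operation replaces the existing thumbprints
-- rather than being merged with them, set the complete intended list on
-- the request before sending it.
newUpdateOpenIDConnectProviderThumbprint ::
  -- | 'openIDConnectProviderArn'
  Prelude.Text ->
  UpdateOpenIDConnectProviderThumbprint
newUpdateOpenIDConnectProviderThumbprint
  pOpenIDConnectProviderArn_ =
    UpdateOpenIDConnectProviderThumbprint'
      { openIDConnectProviderArn =
          pOpenIDConnectProviderArn_,
        -- Starts empty; the caller supplies the replacement list.
        thumbprintList = Prelude.mempty
      }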

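-- | The Amazon Resource Name (ARN) of the IAM OIDC provider resource object
-- for which you want to update the thumbprint. You can get a list of OIDC
-- provider ARNs by using the ListOpenIDConnectProviders operation.
--
-- For more information about ARNs, see
-- <https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs)>
-- in the /Amazon Web Services General Reference/.
--
-- Lens over the 'openIDConnectProviderArn' field: the getter reads the
-- field and the setter returns the record with only that field replaced.
updateOpenIDConnectProviderThumbprint_openIDConnectProviderArn :: Lens.Lens' UpdateOpenIDConnectProviderThumbprint Prelude.Text
updateOpenIDConnectProviderThumbprint_openIDConnectProviderArn =
  Lens.lens
    (\UpdateOpenIDConnectProviderThumbprint' {openIDConnectProviderArn} -> openIDConnectProviderArn)
    -- The type annotation on the record update names the record type
    -- explicitly (the module enables DuplicateRecordFields).
    (\s@UpdateOpenIDConnectProviderThumbprint' {} a -> s {openIDConnectProviderArn = a} :: UpdateOpenIDConnectProviderThumbprint)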

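-- | A list of certificate thumbprints that are associated with the specified
-- IAM OpenID Connect provider. For more information, see
-- CreateOpenIDConnectProvider.
--
-- Lens over the 'thumbprintList' field. Setting through this lens replaces
-- the whole list held in the request; it does not append to it.
updateOpenIDConnectProviderThumbprint_thumbprintList :: Lens.Lens' UpdateOpenIDConnectProviderThumbprint [Prelude.Text]
updateOpenIDConnectProviderThumbprint_thumbprintList =
  Lens.lens
    (\UpdateOpenIDConnectProviderThumbprint' {thumbprintList} -> thumbprintList)
    (\s@UpdateOpenIDConnectProviderThumbprint' {} a -> s {thumbprintList = a} :: UpdateOpenIDConnectProviderThumbprint)
    -- NOTE(review): the field is already a plain list, so 'Lens.coerced'
    -- looks like an identity conversion here; confirm before removing it.
    Prelude.. Lens.coerced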

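-- | Ties the request type to its response type and to the functions that
-- build the outgoing request and decode the reply.
instance
  Core.AWSRequest
    UpdateOpenIDConnectProviderThumbprint
  where
  type
    AWSResponse
      UpdateOpenIDConnectProviderThumbprint =
      UpdateOpenIDConnectProviderThumbprintResponse

  -- The caller-supplied overrides are applied to 'defaultService' before
  -- the request is built with 'Request.postQuery'.
  request overrides =
    Request.postQuery (overrides defaultService)

  -- The response type has no fields, so the constructor is handed to
  -- 'Response.receiveNull' as is.
  -- NOTE(review): presumably the response body is ignored; confirm
  -- against 'Response.receiveNull'.
  response =
    Response.receiveNull
      UpdateOpenIDConnectProviderThumbprintResponse'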

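-- | Hashes the request by folding the salt through both fields, the
-- provider ARN first and the thumbprint list second.
instance
  Prelude.Hashable
    UpdateOpenIDConnectProviderThumbprint
  where
  hashWithSalt
    _salt
    UpdateOpenIDConnectProviderThumbprint' {..} =
      _salt
        `Prelude.hashWithSalt` openIDConnectProviderArn
        `Prelude.hashWithSalt` thumbprintList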

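-- | Forces both fields of the request: the provider ARN, then the
-- thumbprint list.
instance
  Prelude.NFData
    UpdateOpenIDConnectProviderThumbprint
  where
  rnf UpdateOpenIDConnectProviderThumbprint' {..} =
    Prelude.rnf openIDConnectProviderArn
      `Prelude.seq` Prelude.rnf thumbprintList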

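-- | The request contributes no headers of its own: 'toHeaders' ignores its
-- argument and returns 'Prelude.mempty'.
instance
  Data.ToHeaders
    UpdateOpenIDConnectProviderThumbprint
  where
  toHeaders = Prelude.const Prelude.mempty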

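-- | The request path is always @\/@, whatever the record holds.
instance
  Data.ToPath
    UpdateOpenIDConnectProviderThumbprint
  where
  toPath = Prelude.const "/"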

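-- | Serialises the request as query parameters: the fixed @Action@ and
-- @Version@ values, the provider ARN, and the thumbprint list.
instance
  Data.ToQuery
    UpdateOpenIDConnectProviderThumbprint
  where
  toQuery UpdateOpenIDConnectProviderThumbprint' {..} =
    Prelude.mconcat
      [ "Action"
          Data.=: ( "UpdateOpenIDConnectProviderThumbprint" ::
                      Prelude.ByteString
                  ),
        "Version"
          Data.=: ("2010-05-08" :: Prelude.ByteString),
        "OpenIDConnectProviderArn"
          Data.=: openIDConnectProviderArn,
        -- The list is emitted exactly as held in the record, including
        -- when it is empty.
        -- NOTE(review): presumably each entry becomes a "member" item
        -- under this key; confirm against 'Data.toQueryList'.
        "ThumbprintList"
          Data.=: Data.toQueryList "member" thumbprintList
      ]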

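-- | Response to @UpdateOpenIDConnectProviderThumbprint@. The record has no
-- fields.
--
-- /See:/ 'newUpdateOpenIDConnectProviderThumbprintResponse' smart constructor.
data UpdateOpenIDConnectProviderThumbprintResponse = UpdateOpenIDConnectProviderThumbprintResponse'
  {
  }
  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)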

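-- |
-- Create a value of 'UpdateOpenIDConnectProviderThumbprintResponse' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The response record has no fields, so this is simply its only
-- constructor.
newUpdateOpenIDConnectProviderThumbprintResponse ::
  UpdateOpenIDConnectProviderThumbprintResponse
newUpdateOpenIDConnectProviderThumbprintResponse =
  UpdateOpenIDConnectProviderThumbprintResponse'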

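-- | The response has no fields to force, so 'rnf' returns @()@ for any
-- argument.
instance
  Prelude.NFData
    UpdateOpenIDConnectProviderThumbprintResponse
  where
  rnf _ = ()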