{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.QLDB.Types.LedgerEncryptionDescription
-- Copyright   : (c) 2013-2023 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
module Amazonka.QLDB.Types.LedgerEncryptionDescription where

import qualified Amazonka.Core as Core
import qualified Amazonka.Core.Lens.Internal as Lens
import qualified Amazonka.Data as Data
import qualified Amazonka.Prelude as Prelude
import Amazonka.QLDB.Types.EncryptionStatus

-- | Information about the encryption of data at rest in an Amazon QLDB
-- ledger. This includes the current status, the key in Key Management
-- Service (KMS), and when the key became inaccessible (in the case of an
-- error).
--
-- For more information, see
-- <https://docs.aws.amazon.com/qldb/latest/developerguide/encryption-at-rest.html Encryption at rest>
-- in the /Amazon QLDB Developer Guide/.
--
-- /See:/ 'newLedgerEncryptionDescription' smart constructor.
data LedgerEncryptionDescription = LedgerEncryptionDescription'
  { -- | The date and time, in epoch time format, when the KMS key first became
    -- inaccessible, in the case of an error. (Epoch time format is the number
    -- of seconds that have elapsed since 12:00:00 AM January 1, 1970 UTC.)
    --
    -- This parameter is undefined if the KMS key is accessible.
    LedgerEncryptionDescription -> Maybe POSIX
inaccessibleKmsKeyDateTime :: Prelude.Maybe Data.POSIX,
    -- | The Amazon Resource Name (ARN) of the customer managed KMS key that the
    -- ledger uses for encryption at rest. If this parameter is undefined, the
    -- ledger uses an Amazon Web Services owned KMS key for encryption.
    LedgerEncryptionDescription -> Text
kmsKeyArn :: Prelude.Text,
    -- | The current state of encryption at rest for the ledger. This can be one
    -- of the following values:
    --
    -- -   @ENABLED@: Encryption is fully enabled using the specified key.
    --
    -- -   @UPDATING@: The ledger is actively processing the specified key
    --     change.
    --
    --     Key changes in QLDB are asynchronous. The ledger is fully accessible
    --     without any performance impact while the key change is being
    --     processed. The amount of time it takes to update a key varies
    --     depending on the ledger size.
    --
    -- -   @KMS_KEY_INACCESSIBLE@: The specified customer managed KMS key is
    --     not accessible, and the ledger is impaired. Either the key was
    --     disabled or deleted, or the grants on the key were revoked. When a
    --     ledger is impaired, it is not accessible and does not accept any
    --     read or write requests.
    --
    --     An impaired ledger automatically returns to an active state after
    --     you restore the grants on the key, or re-enable the key that was
    --     disabled. However, deleting a customer managed KMS key is
    --     irreversible. After a key is deleted, you can no longer access the
    --     ledgers that are protected with that key, and the data becomes
    --     unrecoverable permanently.
    LedgerEncryptionDescription -> EncryptionStatus
encryptionStatus :: EncryptionStatus
  }
  deriving (LedgerEncryptionDescription -> LedgerEncryptionDescription -> Bool
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: LedgerEncryptionDescription -> LedgerEncryptionDescription -> Bool
$c/= :: LedgerEncryptionDescription -> LedgerEncryptionDescription -> Bool
== :: LedgerEncryptionDescription -> LedgerEncryptionDescription -> Bool
$c== :: LedgerEncryptionDescription -> LedgerEncryptionDescription -> Bool
Prelude.Eq, ReadPrec [LedgerEncryptionDescription]
ReadPrec LedgerEncryptionDescription
Int -> ReadS LedgerEncryptionDescription
ReadS [LedgerEncryptionDescription]
forall a.
(Int -> ReadS a)
-> ReadS [a] -> ReadPrec a -> ReadPrec [a] -> Read a
readListPrec :: ReadPrec [LedgerEncryptionDescription]
$creadListPrec :: ReadPrec [LedgerEncryptionDescription]
readPrec :: ReadPrec LedgerEncryptionDescription
$creadPrec :: ReadPrec LedgerEncryptionDescription
readList :: ReadS [LedgerEncryptionDescription]
$creadList :: ReadS [LedgerEncryptionDescription]
readsPrec :: Int -> ReadS LedgerEncryptionDescription
$creadsPrec :: Int -> ReadS LedgerEncryptionDescription
Prelude.Read, Int -> LedgerEncryptionDescription -> ShowS
[LedgerEncryptionDescription] -> ShowS
LedgerEncryptionDescription -> String
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [LedgerEncryptionDescription] -> ShowS
$cshowList :: [LedgerEncryptionDescription] -> ShowS
show :: LedgerEncryptionDescription -> String
$cshow :: LedgerEncryptionDescription -> String
showsPrec :: Int -> LedgerEncryptionDescription -> ShowS
$cshowsPrec :: Int -> LedgerEncryptionDescription -> ShowS
Prelude.Show, forall x.
Rep LedgerEncryptionDescription x -> LedgerEncryptionDescription
forall x.
LedgerEncryptionDescription -> Rep LedgerEncryptionDescription x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x.
Rep LedgerEncryptionDescription x -> LedgerEncryptionDescription
$cfrom :: forall x.
LedgerEncryptionDescription -> Rep LedgerEncryptionDescription x
Prelude.Generic)

-- |
-- Create a value of 'LedgerEncryptionDescription' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'inaccessibleKmsKeyDateTime', 'ledgerEncryptionDescription_inaccessibleKmsKeyDateTime' - The date and time, in epoch time format, when the KMS key first became
-- inaccessible, in the case of an error. (Epoch time format is the number
-- of seconds that have elapsed since 12:00:00 AM January 1, 1970 UTC.)
--
-- This parameter is undefined if the KMS key is accessible.
--
-- 'kmsKeyArn', 'ledgerEncryptionDescription_kmsKeyArn' - The Amazon Resource Name (ARN) of the customer managed KMS key that the
-- ledger uses for encryption at rest. If this parameter is undefined, the
-- ledger uses an Amazon Web Services owned KMS key for encryption.
--
-- 'encryptionStatus', 'ledgerEncryptionDescription_encryptionStatus' - The current state of encryption at rest for the ledger. This can be one
-- of the following values:
--
-- -   @ENABLED@: Encryption is fully enabled using the specified key.
--
-- -   @UPDATING@: The ledger is actively processing the specified key
--     change.
--
--     Key changes in QLDB are asynchronous. The ledger is fully accessible
--     without any performance impact while the key change is being
--     processed. The amount of time it takes to update a key varies
--     depending on the ledger size.
--
-- -   @KMS_KEY_INACCESSIBLE@: The specified customer managed KMS key is
--     not accessible, and the ledger is impaired. Either the key was
--     disabled or deleted, or the grants on the key were revoked. When a
--     ledger is impaired, it is not accessible and does not accept any
--     read or write requests.
--
--     An impaired ledger automatically returns to an active state after
--     you restore the grants on the key, or re-enable the key that was
--     disabled. However, deleting a customer managed KMS key is
--     irreversible. After a key is deleted, you can no longer access the
--     ledgers that are protected with that key, and the data becomes
--     unrecoverable permanently.
newLedgerEncryptionDescription ::
  -- | 'kmsKeyArn'
  Prelude.Text ->
  -- | 'encryptionStatus'
  EncryptionStatus ->
  LedgerEncryptionDescription
newLedgerEncryptionDescription :: Text -> EncryptionStatus -> LedgerEncryptionDescription
newLedgerEncryptionDescription
  Text
pKmsKeyArn_
  EncryptionStatus
pEncryptionStatus_ =
    LedgerEncryptionDescription'
      { $sel:inaccessibleKmsKeyDateTime:LedgerEncryptionDescription' :: Maybe POSIX
inaccessibleKmsKeyDateTime =
          forall a. Maybe a
Prelude.Nothing,
        $sel:kmsKeyArn:LedgerEncryptionDescription' :: Text
kmsKeyArn = Text
pKmsKeyArn_,
        $sel:encryptionStatus:LedgerEncryptionDescription' :: EncryptionStatus
encryptionStatus = EncryptionStatus
pEncryptionStatus_
      }

-- | The date and time, in epoch time format, when the KMS key first became
-- inaccessible, in the case of an error. (Epoch time format is the number
-- of seconds that have elapsed since 12:00:00 AM January 1, 1970 UTC.)
--
-- This parameter is undefined if the KMS key is accessible.
ledgerEncryptionDescription_inaccessibleKmsKeyDateTime :: Lens.Lens' LedgerEncryptionDescription (Prelude.Maybe Prelude.UTCTime)
ledgerEncryptionDescription_inaccessibleKmsKeyDateTime :: Lens' LedgerEncryptionDescription (Maybe UTCTime)
ledgerEncryptionDescription_inaccessibleKmsKeyDateTime = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\LedgerEncryptionDescription' {Maybe POSIX
inaccessibleKmsKeyDateTime :: Maybe POSIX
$sel:inaccessibleKmsKeyDateTime:LedgerEncryptionDescription' :: LedgerEncryptionDescription -> Maybe POSIX
inaccessibleKmsKeyDateTime} -> Maybe POSIX
inaccessibleKmsKeyDateTime) (\s :: LedgerEncryptionDescription
s@LedgerEncryptionDescription' {} Maybe POSIX
a -> LedgerEncryptionDescription
s {$sel:inaccessibleKmsKeyDateTime:LedgerEncryptionDescription' :: Maybe POSIX
inaccessibleKmsKeyDateTime = Maybe POSIX
a} :: LedgerEncryptionDescription) forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. forall (f :: * -> *) (g :: * -> *) s t a b.
(Functor f, Functor g) =>
AnIso s t a b -> Iso (f s) (g t) (f a) (g b)
Lens.mapping forall (a :: Format). Iso' (Time a) UTCTime
Data._Time

-- | The Amazon Resource Name (ARN) of the customer managed KMS key that the
-- ledger uses for encryption at rest. If this parameter is undefined, the
-- ledger uses an Amazon Web Services owned KMS key for encryption.
ledgerEncryptionDescription_kmsKeyArn :: Lens.Lens' LedgerEncryptionDescription Prelude.Text
ledgerEncryptionDescription_kmsKeyArn :: Lens' LedgerEncryptionDescription Text
ledgerEncryptionDescription_kmsKeyArn = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\LedgerEncryptionDescription' {Text
kmsKeyArn :: Text
$sel:kmsKeyArn:LedgerEncryptionDescription' :: LedgerEncryptionDescription -> Text
kmsKeyArn} -> Text
kmsKeyArn) (\s :: LedgerEncryptionDescription
s@LedgerEncryptionDescription' {} Text
a -> LedgerEncryptionDescription
s {$sel:kmsKeyArn:LedgerEncryptionDescription' :: Text
kmsKeyArn = Text
a} :: LedgerEncryptionDescription)

-- | The current state of encryption at rest for the ledger. This can be one
-- of the following values:
--
-- -   @ENABLED@: Encryption is fully enabled using the specified key.
--
-- -   @UPDATING@: The ledger is actively processing the specified key
--     change.
--
--     Key changes in QLDB are asynchronous. The ledger is fully accessible
--     without any performance impact while the key change is being
--     processed. The amount of time it takes to update a key varies
--     depending on the ledger size.
--
-- -   @KMS_KEY_INACCESSIBLE@: The specified customer managed KMS key is
--     not accessible, and the ledger is impaired. Either the key was
--     disabled or deleted, or the grants on the key were revoked. When a
--     ledger is impaired, it is not accessible and does not accept any
--     read or write requests.
--
--     An impaired ledger automatically returns to an active state after
--     you restore the grants on the key, or re-enable the key that was
--     disabled. However, deleting a customer managed KMS key is
--     irreversible. After a key is deleted, you can no longer access the
--     ledgers that are protected with that key, and the data becomes
--     unrecoverable permanently.
ledgerEncryptionDescription_encryptionStatus :: Lens.Lens' LedgerEncryptionDescription EncryptionStatus
ledgerEncryptionDescription_encryptionStatus :: Lens' LedgerEncryptionDescription EncryptionStatus
ledgerEncryptionDescription_encryptionStatus = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\LedgerEncryptionDescription' {EncryptionStatus
encryptionStatus :: EncryptionStatus
$sel:encryptionStatus:LedgerEncryptionDescription' :: LedgerEncryptionDescription -> EncryptionStatus
encryptionStatus} -> EncryptionStatus
encryptionStatus) (\s :: LedgerEncryptionDescription
s@LedgerEncryptionDescription' {} EncryptionStatus
a -> LedgerEncryptionDescription
s {$sel:encryptionStatus:LedgerEncryptionDescription' :: EncryptionStatus
encryptionStatus = EncryptionStatus
a} :: LedgerEncryptionDescription)

instance Data.FromJSON LedgerEncryptionDescription where
  parseJSON :: Value -> Parser LedgerEncryptionDescription
parseJSON =
    forall a. String -> (Object -> Parser a) -> Value -> Parser a
Data.withObject
      String
"LedgerEncryptionDescription"
      ( \Object
x ->
          Maybe POSIX
-> Text -> EncryptionStatus -> LedgerEncryptionDescription
LedgerEncryptionDescription'
            forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> (Object
x forall a. FromJSON a => Object -> Key -> Parser (Maybe a)
Data..:? Key
"InaccessibleKmsKeyDateTime")
            forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x forall a. FromJSON a => Object -> Key -> Parser a
Data..: Key
"KmsKeyArn")
            forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x forall a. FromJSON a => Object -> Key -> Parser a
Data..: Key
"EncryptionStatus")
      )

instance Prelude.Hashable LedgerEncryptionDescription where
  hashWithSalt :: Int -> LedgerEncryptionDescription -> Int
hashWithSalt Int
_salt LedgerEncryptionDescription' {Maybe POSIX
Text
EncryptionStatus
encryptionStatus :: EncryptionStatus
kmsKeyArn :: Text
inaccessibleKmsKeyDateTime :: Maybe POSIX
$sel:encryptionStatus:LedgerEncryptionDescription' :: LedgerEncryptionDescription -> EncryptionStatus
$sel:kmsKeyArn:LedgerEncryptionDescription' :: LedgerEncryptionDescription -> Text
$sel:inaccessibleKmsKeyDateTime:LedgerEncryptionDescription' :: LedgerEncryptionDescription -> Maybe POSIX
..} =
    Int
_salt
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Maybe POSIX
inaccessibleKmsKeyDateTime
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Text
kmsKeyArn
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` EncryptionStatus
encryptionStatus

instance Prelude.NFData LedgerEncryptionDescription where
  rnf :: LedgerEncryptionDescription -> ()
rnf LedgerEncryptionDescription' {Maybe POSIX
Text
EncryptionStatus
encryptionStatus :: EncryptionStatus
kmsKeyArn :: Text
inaccessibleKmsKeyDateTime :: Maybe POSIX
$sel:encryptionStatus:LedgerEncryptionDescription' :: LedgerEncryptionDescription -> EncryptionStatus
$sel:kmsKeyArn:LedgerEncryptionDescription' :: LedgerEncryptionDescription -> Text
$sel:inaccessibleKmsKeyDateTime:LedgerEncryptionDescription' :: LedgerEncryptionDescription -> Maybe POSIX
..} =
    forall a. NFData a => a -> ()
Prelude.rnf Maybe POSIX
inaccessibleKmsKeyDateTime
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf Text
kmsKeyArn
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf EncryptionStatus
encryptionStatus