// Code generated by smithy-go-codegen DO NOT EDIT.

package kms

import (
	"context"
	"fmt"
	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
	"github.com/aws/aws-sdk-go-v2/service/kms/types"
	"github.com/aws/smithy-go/middleware"
	smithyhttp "github.com/aws/smithy-go/transport/http"
	"time"
)

// Returns usage information about the last successful cryptographic operation
// performed with a specified KMS key, including the operation type, timestamp, and
// associated CloudTrail event ID.
//
// The TrackingStartDate in the GetKeyLastUsage response indicates the date from
// which KMS began recording cryptographic activity for a given key. Use this value
// together with KeyCreationDate to understand the key's usage history:
//
//   - If the KeyLastUsage response element is present, the key has been used for a
//     successful cryptographic operation since the TrackingStartDate . The response
//     includes the operation type, timestamp, and associated CloudTrail event ID.
//
//   - If the KeyLastUsage response element is empty and KeyCreationDate is on or
//     after TrackingStartDate , the key has not been used for a successful
//     cryptographic operation since it was created.
//
//   - If the KeyLastUsage response element is empty and KeyCreationDate is before
//     TrackingStartDate , there is no record of the key being used for a successful
//     cryptographic operation since the TrackingStartDate . However, the key may
//     have been used before tracking began. To determine whether the key was used
//     before the TrackingStartDate , examine your past CloudTrail logs.
//
// For multi-Region KMS keys, primary and replica keys track last usage
// independently. Each key in a multi-Region key set maintains its own usage
// information.
//
// The ReEncrypt operation uses two keys: a source key for decryption and a
// destination key for encryption. Usage information is recorded for both keys
// independently, each with the CloudTrail event ID from the respective key owner's
// account.
//
// Do not use GetKeyLastUsage as the sole indicator when scheduling a key for
// deletion. Instead, first [disable the key]and monitor CloudTrail for DisabledException entries,
// as there could be infrequent workflows that are dependent on the key. By looking
// for this exception, you can identify potential dependencies and workload
// failures before they occur.
//
// Cross-account use: No. You cannot perform this operation on a KMS key in a
// different Amazon Web Services account.
//
// Required permissions: [kms:GetKeyLastUsage] (key policy)
//
// Related operations:
//
// # DescribeKey
//
// # DisableKey
//
// # ScheduleKeyDeletion
//
// Eventual consistency: The KMS API follows an eventual consistency model. For
// more information, see [KMS eventual consistency].
//
// [kms:GetKeyLastUsage]: https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html
// [disable the key]: https://docs.aws.amazon.com/kms/latest/developerguide/enabling-keys.html
// [KMS eventual consistency]: https://docs.aws.amazon.com/kms/latest/developerguide/accessing-kms.html#programming-eventual-consistency
func (c *Client) GetKeyLastUsage(ctx context.Context, params *GetKeyLastUsageInput, optFns ...func(*Options)) (*GetKeyLastUsageOutput, error) {
	if params == nil {
		params = &GetKeyLastUsageInput{}
	}

	result, metadata, err := c.invokeOperation(ctx, "GetKeyLastUsage", params, optFns, c.addOperationGetKeyLastUsageMiddlewares)
	if err != nil {
		return nil, err
	}

	out := result.(*GetKeyLastUsageOutput)
	out.ResultMetadata = metadata
	return out, nil
}

type GetKeyLastUsageInput struct {

	// Identifies the KMS key to get usage information for. To specify a KMS key, use
	// its key ID or key ARN. Alias names are not supported.
	//
	// Specify the key ID or key ARN of the KMS key.
	//
	// For example:
	//
	//   - Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
	//
	//   - Key ARN:
	//   arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
	//
	// To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey.
	//
	// This member is required.
	KeyId *string

	noSmithyDocumentSerde
}

type GetKeyLastUsageOutput struct {

	// The date and time when the KMS key was created.
	KeyCreationDate *time.Time

	// The globally unique identifier for the KMS key.
	KeyId *string

	// Contains usage information about the last time the KMS key was used for a
	// successful cryptographic operation. If the key has not been used since tracking
	// began, this response element is empty.
	KeyLastUsage *types.KeyLastUsageData

	// The date from which KMS began recording cryptographic activity for this key, or
	// the date the KMS key was created, whichever is later.
	TrackingStartDate *time.Time

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata

	noSmithyDocumentSerde
}

func (c *Client) addOperationGetKeyLastUsageMiddlewares(stack *middleware.Stack, options Options) (err error) {
	if err := stack.Serialize.Add(&setOperationInputMiddleware{}, middleware.After); err != nil {
		return err
	}
	err = stack.Serialize.Add(&awsAwsjson11_serializeOpGetKeyLastUsage{}, middleware.After)
	if err != nil {
		return err
	}
	err = stack.Deserialize.Add(&awsAwsjson11_deserializeOpGetKeyLastUsage{}, middleware.After)
	if err != nil {
		return err
	}
	if err := addProtocolFinalizerMiddlewares(stack, options, "GetKeyLastUsage"); err != nil {
		return fmt.Errorf("add protocol finalizers: %v", err)
	}

	if err = addlegacyEndpointContextSetter(stack, options); err != nil {
		return err
	}
	if err = addSetLoggerMiddleware(stack, options); err != nil {
		return err
	}
	if err = addClientRequestID(stack); err != nil {
		return err
	}
	if err = addComputeContentLength(stack); err != nil {
		return err
	}
	if err = addResolveEndpointMiddleware(stack, options); err != nil {
		return err
	}
	if err = addComputePayloadSHA256(stack); err != nil {
		return err
	}
	if err = addRetry(stack, options, c); err != nil {
		return err
	}
	if err = addRawResponseToMetadata(stack); err != nil {
		return err
	}
	if err = addRecordResponseTiming(stack); err != nil {
		return err
	}
	if err = addSpanRetryLoop(stack, options); err != nil {
		return err
	}
	if err = addClientUserAgent(stack, options); err != nil {
		return err
	}
	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
		return err
	}
	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
		return err
	}
	if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil {
		return err
	}
	if err = addUserAgentRetryMode(stack, options); err != nil {
		return err
	}
	if err = addCredentialSource(stack, options); err != nil {
		return err
	}
	if err = addOpGetKeyLastUsageValidationMiddleware(stack); err != nil {
		return err
	}
	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opGetKeyLastUsage(options.Region), middleware.Before); err != nil {
		return err
	}
	if err = addRecursionDetection(stack); err != nil {
		return err
	}
	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
		return err
	}
	if err = addResponseErrorMiddleware(stack); err != nil {
		return err
	}
	if err = addRequestResponseLogging(stack, options); err != nil {
		return err
	}
	if err = addDisableHTTPSMiddleware(stack, options); err != nil {
		return err
	}
	if err = addInterceptBeforeRetryLoop(stack, options); err != nil {
		return err
	}
	if err = addInterceptAttempt(stack, options); err != nil {
		return err
	}
	if err = addInterceptors(stack, options); err != nil {
		return err
	}
	return nil
}

func newServiceMetadataMiddleware_opGetKeyLastUsage(region string) *awsmiddleware.RegisterServiceMetadata {
	return &awsmiddleware.RegisterServiceMetadata{
		Region:        region,
		ServiceID:     ServiceID,
		OperationName: "GetKeyLastUsage",
	}
}
