{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.MacieV2.Types.BucketServerSideEncryption
-- Copyright   : (c) 2013-2021 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
module Amazonka.MacieV2.Types.BucketServerSideEncryption where

import qualified Amazonka.Core as Core
import qualified Amazonka.Lens as Lens
import Amazonka.MacieV2.Types.Type
import qualified Amazonka.Prelude as Prelude

-- | Provides information about the default server-side encryption settings
-- for an S3 bucket. For detailed information about these settings, see
-- <https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucket-encryption.html Setting default server-side encryption behavior for Amazon S3 buckets>
-- in the /Amazon Simple Storage Service User Guide/.
--
-- /See:/ 'newBucketServerSideEncryption' smart constructor.
data BucketServerSideEncryption = BucketServerSideEncryption'
  { -- | The Amazon Resource Name (ARN) or unique identifier (key ID) for the KMS
    -- key that\'s used by default to encrypt objects that are added to the
    -- bucket. This value is null if the bucket uses an Amazon S3 managed key
    -- to encrypt new objects or the bucket doesn\'t encrypt new objects by
    -- default.
    BucketServerSideEncryption -> Maybe Text
kmsMasterKeyId :: Prelude.Maybe Prelude.Text,
    -- | The type of server-side encryption that\'s used by default when storing
    -- new objects in the bucket. Possible values are:
    --
    -- -   AES256 - New objects are encrypted with an Amazon S3 managed key.
    --     They use SSE-S3 encryption.
    --
    -- -   aws:kms - New objects are encrypted with an KMS key
    --     (kmsMasterKeyId), either an Amazon Web Services managed key or a
    --     customer managed key. They use SSE-KMS encryption.
    --
    -- -   NONE - New objects aren\'t encrypted by default. Default encryption
    --     is disabled for the bucket.
    BucketServerSideEncryption -> Maybe Type
type' :: Prelude.Maybe Type
  }
  deriving (BucketServerSideEncryption -> BucketServerSideEncryption -> Bool
(BucketServerSideEncryption -> BucketServerSideEncryption -> Bool)
-> (BucketServerSideEncryption
    -> BucketServerSideEncryption -> Bool)
-> Eq BucketServerSideEncryption
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: BucketServerSideEncryption -> BucketServerSideEncryption -> Bool
$c/= :: BucketServerSideEncryption -> BucketServerSideEncryption -> Bool
== :: BucketServerSideEncryption -> BucketServerSideEncryption -> Bool
$c== :: BucketServerSideEncryption -> BucketServerSideEncryption -> Bool
Prelude.Eq, ReadPrec [BucketServerSideEncryption]
ReadPrec BucketServerSideEncryption
Int -> ReadS BucketServerSideEncryption
ReadS [BucketServerSideEncryption]
(Int -> ReadS BucketServerSideEncryption)
-> ReadS [BucketServerSideEncryption]
-> ReadPrec BucketServerSideEncryption
-> ReadPrec [BucketServerSideEncryption]
-> Read BucketServerSideEncryption
forall a.
(Int -> ReadS a)
-> ReadS [a] -> ReadPrec a -> ReadPrec [a] -> Read a
readListPrec :: ReadPrec [BucketServerSideEncryption]
$creadListPrec :: ReadPrec [BucketServerSideEncryption]
readPrec :: ReadPrec BucketServerSideEncryption
$creadPrec :: ReadPrec BucketServerSideEncryption
readList :: ReadS [BucketServerSideEncryption]
$creadList :: ReadS [BucketServerSideEncryption]
readsPrec :: Int -> ReadS BucketServerSideEncryption
$creadsPrec :: Int -> ReadS BucketServerSideEncryption
Prelude.Read, Int -> BucketServerSideEncryption -> ShowS
[BucketServerSideEncryption] -> ShowS
BucketServerSideEncryption -> String
(Int -> BucketServerSideEncryption -> ShowS)
-> (BucketServerSideEncryption -> String)
-> ([BucketServerSideEncryption] -> ShowS)
-> Show BucketServerSideEncryption
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [BucketServerSideEncryption] -> ShowS
$cshowList :: [BucketServerSideEncryption] -> ShowS
show :: BucketServerSideEncryption -> String
$cshow :: BucketServerSideEncryption -> String
showsPrec :: Int -> BucketServerSideEncryption -> ShowS
$cshowsPrec :: Int -> BucketServerSideEncryption -> ShowS
Prelude.Show, (forall x.
 BucketServerSideEncryption -> Rep BucketServerSideEncryption x)
-> (forall x.
    Rep BucketServerSideEncryption x -> BucketServerSideEncryption)
-> Generic BucketServerSideEncryption
forall x.
Rep BucketServerSideEncryption x -> BucketServerSideEncryption
forall x.
BucketServerSideEncryption -> Rep BucketServerSideEncryption x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x.
Rep BucketServerSideEncryption x -> BucketServerSideEncryption
$cfrom :: forall x.
BucketServerSideEncryption -> Rep BucketServerSideEncryption x
Prelude.Generic)

-- |
-- Create a value of 'BucketServerSideEncryption' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'kmsMasterKeyId', 'bucketServerSideEncryption_kmsMasterKeyId' - The Amazon Resource Name (ARN) or unique identifier (key ID) for the KMS
-- key that\'s used by default to encrypt objects that are added to the
-- bucket. This value is null if the bucket uses an Amazon S3 managed key
-- to encrypt new objects or the bucket doesn\'t encrypt new objects by
-- default.
--
-- 'type'', 'bucketServerSideEncryption_type' - The type of server-side encryption that\'s used by default when storing
-- new objects in the bucket. Possible values are:
--
-- -   AES256 - New objects are encrypted with an Amazon S3 managed key.
--     They use SSE-S3 encryption.
--
-- -   aws:kms - New objects are encrypted with an KMS key
--     (kmsMasterKeyId), either an Amazon Web Services managed key or a
--     customer managed key. They use SSE-KMS encryption.
--
-- -   NONE - New objects aren\'t encrypted by default. Default encryption
--     is disabled for the bucket.
newBucketServerSideEncryption ::
  BucketServerSideEncryption
newBucketServerSideEncryption :: BucketServerSideEncryption
newBucketServerSideEncryption =
  BucketServerSideEncryption' :: Maybe Text -> Maybe Type -> BucketServerSideEncryption
BucketServerSideEncryption'
    { $sel:kmsMasterKeyId:BucketServerSideEncryption' :: Maybe Text
kmsMasterKeyId =
        Maybe Text
forall a. Maybe a
Prelude.Nothing,
      $sel:type':BucketServerSideEncryption' :: Maybe Type
type' = Maybe Type
forall a. Maybe a
Prelude.Nothing
    }

-- | The Amazon Resource Name (ARN) or unique identifier (key ID) for the KMS
-- key that\'s used by default to encrypt objects that are added to the
-- bucket. This value is null if the bucket uses an Amazon S3 managed key
-- to encrypt new objects or the bucket doesn\'t encrypt new objects by
-- default.
bucketServerSideEncryption_kmsMasterKeyId :: Lens.Lens' BucketServerSideEncryption (Prelude.Maybe Prelude.Text)
bucketServerSideEncryption_kmsMasterKeyId :: (Maybe Text -> f (Maybe Text))
-> BucketServerSideEncryption -> f BucketServerSideEncryption
bucketServerSideEncryption_kmsMasterKeyId = (BucketServerSideEncryption -> Maybe Text)
-> (BucketServerSideEncryption
    -> Maybe Text -> BucketServerSideEncryption)
-> Lens
     BucketServerSideEncryption
     BucketServerSideEncryption
     (Maybe Text)
     (Maybe Text)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\BucketServerSideEncryption' {Maybe Text
kmsMasterKeyId :: Maybe Text
$sel:kmsMasterKeyId:BucketServerSideEncryption' :: BucketServerSideEncryption -> Maybe Text
kmsMasterKeyId} -> Maybe Text
kmsMasterKeyId) (\s :: BucketServerSideEncryption
s@BucketServerSideEncryption' {} Maybe Text
a -> BucketServerSideEncryption
s {$sel:kmsMasterKeyId:BucketServerSideEncryption' :: Maybe Text
kmsMasterKeyId = Maybe Text
a} :: BucketServerSideEncryption)

-- | The type of server-side encryption that\'s used by default when storing
-- new objects in the bucket. Possible values are:
--
-- -   AES256 - New objects are encrypted with an Amazon S3 managed key.
--     They use SSE-S3 encryption.
--
-- -   aws:kms - New objects are encrypted with an KMS key
--     (kmsMasterKeyId), either an Amazon Web Services managed key or a
--     customer managed key. They use SSE-KMS encryption.
--
-- -   NONE - New objects aren\'t encrypted by default. Default encryption
--     is disabled for the bucket.
bucketServerSideEncryption_type :: Lens.Lens' BucketServerSideEncryption (Prelude.Maybe Type)
bucketServerSideEncryption_type :: (Maybe Type -> f (Maybe Type))
-> BucketServerSideEncryption -> f BucketServerSideEncryption
bucketServerSideEncryption_type = (BucketServerSideEncryption -> Maybe Type)
-> (BucketServerSideEncryption
    -> Maybe Type -> BucketServerSideEncryption)
-> Lens
     BucketServerSideEncryption
     BucketServerSideEncryption
     (Maybe Type)
     (Maybe Type)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\BucketServerSideEncryption' {Maybe Type
type' :: Maybe Type
$sel:type':BucketServerSideEncryption' :: BucketServerSideEncryption -> Maybe Type
type'} -> Maybe Type
type') (\s :: BucketServerSideEncryption
s@BucketServerSideEncryption' {} Maybe Type
a -> BucketServerSideEncryption
s {$sel:type':BucketServerSideEncryption' :: Maybe Type
type' = Maybe Type
a} :: BucketServerSideEncryption)

instance Core.FromJSON BucketServerSideEncryption where
  parseJSON :: Value -> Parser BucketServerSideEncryption
parseJSON =
    String
-> (Object -> Parser BucketServerSideEncryption)
-> Value
-> Parser BucketServerSideEncryption
forall a. String -> (Object -> Parser a) -> Value -> Parser a
Core.withObject
      String
"BucketServerSideEncryption"
      ( \Object
x ->
          Maybe Text -> Maybe Type -> BucketServerSideEncryption
BucketServerSideEncryption'
            (Maybe Text -> Maybe Type -> BucketServerSideEncryption)
-> Parser (Maybe Text)
-> Parser (Maybe Type -> BucketServerSideEncryption)
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> (Object
x Object -> Text -> Parser (Maybe Text)
forall a. FromJSON a => Object -> Text -> Parser (Maybe a)
Core..:? Text
"kmsMasterKeyId")
            Parser (Maybe Type -> BucketServerSideEncryption)
-> Parser (Maybe Type) -> Parser BucketServerSideEncryption
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x Object -> Text -> Parser (Maybe Type)
forall a. FromJSON a => Object -> Text -> Parser (Maybe a)
Core..:? Text
"type")
      )

instance Prelude.Hashable BucketServerSideEncryption

instance Prelude.NFData BucketServerSideEncryption