{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.S3.Types.Encryption
-- Copyright   : (c) 2013-2021 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
module Amazonka.S3.Types.Encryption where

import qualified Amazonka.Core as Core
import qualified Amazonka.Lens as Lens
import qualified Amazonka.Prelude as Prelude
import Amazonka.S3.Internal
import Amazonka.S3.Types.ServerSideEncryption

-- | Contains the type of server-side encryption used.
--
-- /See:/ 'newEncryption' smart constructor.
data Encryption = Encryption'
  { -- | If the encryption type is @aws:kms@, this optional value specifies the
    -- ID of the symmetric customer managed key to use for encryption of job
    -- results. Amazon S3 only supports symmetric keys. For more information,
    -- see
    -- <https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html Using symmetric and asymmetric keys>
    -- in the /Amazon Web Services Key Management Service Developer Guide/.
    Encryption -> Maybe (Sensitive Text)
kmsKeyId :: Prelude.Maybe (Core.Sensitive Prelude.Text),
    -- | If the encryption type is @aws:kms@, this optional value can be used to
    -- specify the encryption context for the restore results.
    Encryption -> Maybe Text
kmsContext :: Prelude.Maybe Prelude.Text,
    -- | The server-side encryption algorithm used when storing job results in
    -- Amazon S3 (for example, AES256, aws:kms).
    Encryption -> ServerSideEncryption
encryptionType :: ServerSideEncryption
  }
  deriving (Encryption -> Encryption -> Bool
(Encryption -> Encryption -> Bool)
-> (Encryption -> Encryption -> Bool) -> Eq Encryption
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: Encryption -> Encryption -> Bool
$c/= :: Encryption -> Encryption -> Bool
== :: Encryption -> Encryption -> Bool
$c== :: Encryption -> Encryption -> Bool
Prelude.Eq, Int -> Encryption -> ShowS
[Encryption] -> ShowS
Encryption -> String
(Int -> Encryption -> ShowS)
-> (Encryption -> String)
-> ([Encryption] -> ShowS)
-> Show Encryption
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [Encryption] -> ShowS
$cshowList :: [Encryption] -> ShowS
show :: Encryption -> String
$cshow :: Encryption -> String
showsPrec :: Int -> Encryption -> ShowS
$cshowsPrec :: Int -> Encryption -> ShowS
Prelude.Show, (forall x. Encryption -> Rep Encryption x)
-> (forall x. Rep Encryption x -> Encryption) -> Generic Encryption
forall x. Rep Encryption x -> Encryption
forall x. Encryption -> Rep Encryption x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x. Rep Encryption x -> Encryption
$cfrom :: forall x. Encryption -> Rep Encryption x
Prelude.Generic)

-- |
-- Create a value of 'Encryption' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'kmsKeyId', 'encryption_kmsKeyId' - If the encryption type is @aws:kms@, this optional value specifies the
-- ID of the symmetric customer managed key to use for encryption of job
-- results. Amazon S3 only supports symmetric keys. For more information,
-- see
-- <https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html Using symmetric and asymmetric keys>
-- in the /Amazon Web Services Key Management Service Developer Guide/.
--
-- 'kmsContext', 'encryption_kmsContext' - If the encryption type is @aws:kms@, this optional value can be used to
-- specify the encryption context for the restore results.
--
-- 'encryptionType', 'encryption_encryptionType' - The server-side encryption algorithm used when storing job results in
-- Amazon S3 (for example, AES256, aws:kms).
newEncryption ::
  -- | 'encryptionType'
  ServerSideEncryption ->
  Encryption
newEncryption :: ServerSideEncryption -> Encryption
newEncryption ServerSideEncryption
pEncryptionType_ =
  Encryption' :: Maybe (Sensitive Text)
-> Maybe Text -> ServerSideEncryption -> Encryption
Encryption'
    { $sel:kmsKeyId:Encryption' :: Maybe (Sensitive Text)
kmsKeyId = Maybe (Sensitive Text)
forall a. Maybe a
Prelude.Nothing,
      $sel:kmsContext:Encryption' :: Maybe Text
kmsContext = Maybe Text
forall a. Maybe a
Prelude.Nothing,
      $sel:encryptionType:Encryption' :: ServerSideEncryption
encryptionType = ServerSideEncryption
pEncryptionType_
    }

-- | If the encryption type is @aws:kms@, this optional value specifies the
-- ID of the symmetric customer managed key to use for encryption of job
-- results. Amazon S3 only supports symmetric keys. For more information,
-- see
-- <https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html Using symmetric and asymmetric keys>
-- in the /Amazon Web Services Key Management Service Developer Guide/.
encryption_kmsKeyId :: Lens.Lens' Encryption (Prelude.Maybe Prelude.Text)
encryption_kmsKeyId :: (Maybe Text -> f (Maybe Text)) -> Encryption -> f Encryption
encryption_kmsKeyId = (Encryption -> Maybe (Sensitive Text))
-> (Encryption -> Maybe (Sensitive Text) -> Encryption)
-> Lens
     Encryption
     Encryption
     (Maybe (Sensitive Text))
     (Maybe (Sensitive Text))
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\Encryption' {Maybe (Sensitive Text)
kmsKeyId :: Maybe (Sensitive Text)
$sel:kmsKeyId:Encryption' :: Encryption -> Maybe (Sensitive Text)
kmsKeyId} -> Maybe (Sensitive Text)
kmsKeyId) (\s :: Encryption
s@Encryption' {} Maybe (Sensitive Text)
a -> Encryption
s {$sel:kmsKeyId:Encryption' :: Maybe (Sensitive Text)
kmsKeyId = Maybe (Sensitive Text)
a} :: Encryption) ((Maybe (Sensitive Text) -> f (Maybe (Sensitive Text)))
 -> Encryption -> f Encryption)
-> ((Maybe Text -> f (Maybe Text))
    -> Maybe (Sensitive Text) -> f (Maybe (Sensitive Text)))
-> (Maybe Text -> f (Maybe Text))
-> Encryption
-> f Encryption
forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. AnIso (Sensitive Text) (Sensitive Text) Text Text
-> Iso
     (Maybe (Sensitive Text))
     (Maybe (Sensitive Text))
     (Maybe Text)
     (Maybe Text)
forall (f :: * -> *) (g :: * -> *) s t a b.
(Functor f, Functor g) =>
AnIso s t a b -> Iso (f s) (g t) (f a) (g b)
Lens.mapping AnIso (Sensitive Text) (Sensitive Text) Text Text
forall a. Iso' (Sensitive a) a
Core._Sensitive

-- | If the encryption type is @aws:kms@, this optional value can be used to
-- specify the encryption context for the restore results.
encryption_kmsContext :: Lens.Lens' Encryption (Prelude.Maybe Prelude.Text)
encryption_kmsContext :: (Maybe Text -> f (Maybe Text)) -> Encryption -> f Encryption
encryption_kmsContext = (Encryption -> Maybe Text)
-> (Encryption -> Maybe Text -> Encryption)
-> Lens Encryption Encryption (Maybe Text) (Maybe Text)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\Encryption' {Maybe Text
kmsContext :: Maybe Text
$sel:kmsContext:Encryption' :: Encryption -> Maybe Text
kmsContext} -> Maybe Text
kmsContext) (\s :: Encryption
s@Encryption' {} Maybe Text
a -> Encryption
s {$sel:kmsContext:Encryption' :: Maybe Text
kmsContext = Maybe Text
a} :: Encryption)

-- | The server-side encryption algorithm used when storing job results in
-- Amazon S3 (for example, AES256, aws:kms).
encryption_encryptionType :: Lens.Lens' Encryption ServerSideEncryption
encryption_encryptionType :: (ServerSideEncryption -> f ServerSideEncryption)
-> Encryption -> f Encryption
encryption_encryptionType = (Encryption -> ServerSideEncryption)
-> (Encryption -> ServerSideEncryption -> Encryption)
-> Lens
     Encryption Encryption ServerSideEncryption ServerSideEncryption
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\Encryption' {ServerSideEncryption
encryptionType :: ServerSideEncryption
$sel:encryptionType:Encryption' :: Encryption -> ServerSideEncryption
encryptionType} -> ServerSideEncryption
encryptionType) (\s :: Encryption
s@Encryption' {} ServerSideEncryption
a -> Encryption
s {$sel:encryptionType:Encryption' :: ServerSideEncryption
encryptionType = ServerSideEncryption
a} :: Encryption)

instance Prelude.Hashable Encryption

instance Prelude.NFData Encryption

instance Core.ToXML Encryption where
  toXML :: Encryption -> XML
toXML Encryption' {Maybe Text
Maybe (Sensitive Text)
ServerSideEncryption
encryptionType :: ServerSideEncryption
kmsContext :: Maybe Text
kmsKeyId :: Maybe (Sensitive Text)
$sel:encryptionType:Encryption' :: Encryption -> ServerSideEncryption
$sel:kmsContext:Encryption' :: Encryption -> Maybe Text
$sel:kmsKeyId:Encryption' :: Encryption -> Maybe (Sensitive Text)
..} =
    [XML] -> XML
forall a. Monoid a => [a] -> a
Prelude.mconcat
      [ Name
"KMSKeyId" Name -> Maybe (Sensitive Text) -> XML
forall a. ToXML a => Name -> a -> XML
Core.@= Maybe (Sensitive Text)
kmsKeyId,
        Name
"KMSContext" Name -> Maybe Text -> XML
forall a. ToXML a => Name -> a -> XML
Core.@= Maybe Text
kmsContext,
        Name
"EncryptionType" Name -> ServerSideEncryption -> XML
forall a. ToXML a => Name -> a -> XML
Core.@= ServerSideEncryption
encryptionType
      ]