{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.S3.Types.ServerSideEncryptionByDefault
-- Copyright   : (c) 2013-2021 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
module Amazonka.S3.Types.ServerSideEncryptionByDefault where

import qualified Amazonka.Core as Core
import qualified Amazonka.Lens as Lens
import qualified Amazonka.Prelude as Prelude
import Amazonka.S3.Internal
import Amazonka.S3.Types.ServerSideEncryption

-- | Describes the default server-side encryption to apply to new objects in
-- the bucket. If a PUT Object request doesn\'t specify any server-side
-- encryption, this default encryption will be applied. For more
-- information, see
-- <https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTencryption.html PUT Bucket encryption>
-- in the /Amazon S3 API Reference/.
--
-- /See:/ 'newServerSideEncryptionByDefault' smart constructor.
data ServerSideEncryptionByDefault = ServerSideEncryptionByDefault'
  { -- | Amazon Web Services Key Management Service (KMS) customer Amazon Web
    -- Services KMS key ID to use for the default encryption. This parameter is
    -- allowed if and only if @SSEAlgorithm@ is set to @aws:kms@.
    --
    -- You can specify the key ID or the Amazon Resource Name (ARN) of the KMS
    -- key. However, if you are using encryption with cross-account operations,
    -- you must use a fully qualified KMS key ARN. For more information, see
    -- <https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html#bucket-encryption-update-bucket-policy Using encryption for cross-account operations>.
    --
    -- __For example:__
    --
    -- -   Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@
    --
    -- -   Key ARN:
    --     @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@
    --
    -- Amazon S3 only supports symmetric KMS keys and not asymmetric KMS keys.
    -- For more information, see
    -- <https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html Using symmetric and asymmetric keys>
    -- in the /Amazon Web Services Key Management Service Developer Guide/.
    ServerSideEncryptionByDefault -> Maybe (Sensitive Text)
kmsMasterKeyID :: Prelude.Maybe (Core.Sensitive Prelude.Text),
    -- | Server-side encryption algorithm to use for the default encryption.
    ServerSideEncryptionByDefault -> ServerSideEncryption
sSEAlgorithm :: ServerSideEncryption
  }
  deriving (ServerSideEncryptionByDefault
-> ServerSideEncryptionByDefault -> Bool
(ServerSideEncryptionByDefault
 -> ServerSideEncryptionByDefault -> Bool)
-> (ServerSideEncryptionByDefault
    -> ServerSideEncryptionByDefault -> Bool)
-> Eq ServerSideEncryptionByDefault
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: ServerSideEncryptionByDefault
-> ServerSideEncryptionByDefault -> Bool
$c/= :: ServerSideEncryptionByDefault
-> ServerSideEncryptionByDefault -> Bool
== :: ServerSideEncryptionByDefault
-> ServerSideEncryptionByDefault -> Bool
$c== :: ServerSideEncryptionByDefault
-> ServerSideEncryptionByDefault -> Bool
Prelude.Eq, Int -> ServerSideEncryptionByDefault -> ShowS
[ServerSideEncryptionByDefault] -> ShowS
ServerSideEncryptionByDefault -> String
(Int -> ServerSideEncryptionByDefault -> ShowS)
-> (ServerSideEncryptionByDefault -> String)
-> ([ServerSideEncryptionByDefault] -> ShowS)
-> Show ServerSideEncryptionByDefault
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [ServerSideEncryptionByDefault] -> ShowS
$cshowList :: [ServerSideEncryptionByDefault] -> ShowS
show :: ServerSideEncryptionByDefault -> String
$cshow :: ServerSideEncryptionByDefault -> String
showsPrec :: Int -> ServerSideEncryptionByDefault -> ShowS
$cshowsPrec :: Int -> ServerSideEncryptionByDefault -> ShowS
Prelude.Show, (forall x.
 ServerSideEncryptionByDefault
 -> Rep ServerSideEncryptionByDefault x)
-> (forall x.
    Rep ServerSideEncryptionByDefault x
    -> ServerSideEncryptionByDefault)
-> Generic ServerSideEncryptionByDefault
forall x.
Rep ServerSideEncryptionByDefault x
-> ServerSideEncryptionByDefault
forall x.
ServerSideEncryptionByDefault
-> Rep ServerSideEncryptionByDefault x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x.
Rep ServerSideEncryptionByDefault x
-> ServerSideEncryptionByDefault
$cfrom :: forall x.
ServerSideEncryptionByDefault
-> Rep ServerSideEncryptionByDefault x
Prelude.Generic)

-- |
-- Create a value of 'ServerSideEncryptionByDefault' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'kmsMasterKeyID', 'serverSideEncryptionByDefault_kmsMasterKeyID' - Amazon Web Services Key Management Service (KMS) customer Amazon Web
-- Services KMS key ID to use for the default encryption. This parameter is
-- allowed if and only if @SSEAlgorithm@ is set to @aws:kms@.
--
-- You can specify the key ID or the Amazon Resource Name (ARN) of the KMS
-- key. However, if you are using encryption with cross-account operations,
-- you must use a fully qualified KMS key ARN. For more information, see
-- <https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html#bucket-encryption-update-bucket-policy Using encryption for cross-account operations>.
--
-- __For example:__
--
-- -   Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@
--
-- -   Key ARN:
--     @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@
--
-- Amazon S3 only supports symmetric KMS keys and not asymmetric KMS keys.
-- For more information, see
-- <https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html Using symmetric and asymmetric keys>
-- in the /Amazon Web Services Key Management Service Developer Guide/.
--
-- 'sSEAlgorithm', 'serverSideEncryptionByDefault_sSEAlgorithm' - Server-side encryption algorithm to use for the default encryption.
newServerSideEncryptionByDefault ::
  -- | 'sSEAlgorithm'
  ServerSideEncryption ->
  ServerSideEncryptionByDefault
newServerSideEncryptionByDefault :: ServerSideEncryption -> ServerSideEncryptionByDefault
newServerSideEncryptionByDefault ServerSideEncryption
pSSEAlgorithm_ =
  ServerSideEncryptionByDefault' :: Maybe (Sensitive Text)
-> ServerSideEncryption -> ServerSideEncryptionByDefault
ServerSideEncryptionByDefault'
    { $sel:kmsMasterKeyID:ServerSideEncryptionByDefault' :: Maybe (Sensitive Text)
kmsMasterKeyID =
        Maybe (Sensitive Text)
forall a. Maybe a
Prelude.Nothing,
      $sel:sSEAlgorithm:ServerSideEncryptionByDefault' :: ServerSideEncryption
sSEAlgorithm = ServerSideEncryption
pSSEAlgorithm_
    }

-- | Amazon Web Services Key Management Service (KMS) customer Amazon Web
-- Services KMS key ID to use for the default encryption. This parameter is
-- allowed if and only if @SSEAlgorithm@ is set to @aws:kms@.
--
-- You can specify the key ID or the Amazon Resource Name (ARN) of the KMS
-- key. However, if you are using encryption with cross-account operations,
-- you must use a fully qualified KMS key ARN. For more information, see
-- <https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html#bucket-encryption-update-bucket-policy Using encryption for cross-account operations>.
--
-- __For example:__
--
-- -   Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@
--
-- -   Key ARN:
--     @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@
--
-- Amazon S3 only supports symmetric KMS keys and not asymmetric KMS keys.
-- For more information, see
-- <https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html Using symmetric and asymmetric keys>
-- in the /Amazon Web Services Key Management Service Developer Guide/.
serverSideEncryptionByDefault_kmsMasterKeyID :: Lens.Lens' ServerSideEncryptionByDefault (Prelude.Maybe Prelude.Text)
serverSideEncryptionByDefault_kmsMasterKeyID :: (Maybe Text -> f (Maybe Text))
-> ServerSideEncryptionByDefault -> f ServerSideEncryptionByDefault
serverSideEncryptionByDefault_kmsMasterKeyID = (ServerSideEncryptionByDefault -> Maybe (Sensitive Text))
-> (ServerSideEncryptionByDefault
    -> Maybe (Sensitive Text) -> ServerSideEncryptionByDefault)
-> Lens
     ServerSideEncryptionByDefault
     ServerSideEncryptionByDefault
     (Maybe (Sensitive Text))
     (Maybe (Sensitive Text))
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\ServerSideEncryptionByDefault' {Maybe (Sensitive Text)
kmsMasterKeyID :: Maybe (Sensitive Text)
$sel:kmsMasterKeyID:ServerSideEncryptionByDefault' :: ServerSideEncryptionByDefault -> Maybe (Sensitive Text)
kmsMasterKeyID} -> Maybe (Sensitive Text)
kmsMasterKeyID) (\s :: ServerSideEncryptionByDefault
s@ServerSideEncryptionByDefault' {} Maybe (Sensitive Text)
a -> ServerSideEncryptionByDefault
s {$sel:kmsMasterKeyID:ServerSideEncryptionByDefault' :: Maybe (Sensitive Text)
kmsMasterKeyID = Maybe (Sensitive Text)
a} :: ServerSideEncryptionByDefault) ((Maybe (Sensitive Text) -> f (Maybe (Sensitive Text)))
 -> ServerSideEncryptionByDefault
 -> f ServerSideEncryptionByDefault)
-> ((Maybe Text -> f (Maybe Text))
    -> Maybe (Sensitive Text) -> f (Maybe (Sensitive Text)))
-> (Maybe Text -> f (Maybe Text))
-> ServerSideEncryptionByDefault
-> f ServerSideEncryptionByDefault
forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. AnIso (Sensitive Text) (Sensitive Text) Text Text
-> Iso
     (Maybe (Sensitive Text))
     (Maybe (Sensitive Text))
     (Maybe Text)
     (Maybe Text)
forall (f :: * -> *) (g :: * -> *) s t a b.
(Functor f, Functor g) =>
AnIso s t a b -> Iso (f s) (g t) (f a) (g b)
Lens.mapping AnIso (Sensitive Text) (Sensitive Text) Text Text
forall a. Iso' (Sensitive a) a
Core._Sensitive

-- | Server-side encryption algorithm to use for the default encryption.
serverSideEncryptionByDefault_sSEAlgorithm :: Lens.Lens' ServerSideEncryptionByDefault ServerSideEncryption
serverSideEncryptionByDefault_sSEAlgorithm :: (ServerSideEncryption -> f ServerSideEncryption)
-> ServerSideEncryptionByDefault -> f ServerSideEncryptionByDefault
serverSideEncryptionByDefault_sSEAlgorithm = (ServerSideEncryptionByDefault -> ServerSideEncryption)
-> (ServerSideEncryptionByDefault
    -> ServerSideEncryption -> ServerSideEncryptionByDefault)
-> Lens
     ServerSideEncryptionByDefault
     ServerSideEncryptionByDefault
     ServerSideEncryption
     ServerSideEncryption
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\ServerSideEncryptionByDefault' {ServerSideEncryption
sSEAlgorithm :: ServerSideEncryption
$sel:sSEAlgorithm:ServerSideEncryptionByDefault' :: ServerSideEncryptionByDefault -> ServerSideEncryption
sSEAlgorithm} -> ServerSideEncryption
sSEAlgorithm) (\s :: ServerSideEncryptionByDefault
s@ServerSideEncryptionByDefault' {} ServerSideEncryption
a -> ServerSideEncryptionByDefault
s {$sel:sSEAlgorithm:ServerSideEncryptionByDefault' :: ServerSideEncryption
sSEAlgorithm = ServerSideEncryption
a} :: ServerSideEncryptionByDefault)

instance Core.FromXML ServerSideEncryptionByDefault where
  parseXML :: [Node] -> Either String ServerSideEncryptionByDefault
parseXML [Node]
x =
    Maybe (Sensitive Text)
-> ServerSideEncryption -> ServerSideEncryptionByDefault
ServerSideEncryptionByDefault'
      (Maybe (Sensitive Text)
 -> ServerSideEncryption -> ServerSideEncryptionByDefault)
-> Either String (Maybe (Sensitive Text))
-> Either
     String (ServerSideEncryption -> ServerSideEncryptionByDefault)
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> ([Node]
x [Node] -> Text -> Either String (Maybe (Sensitive Text))
forall a. FromXML a => [Node] -> Text -> Either String (Maybe a)
Core..@? Text
"KMSMasterKeyID")
      Either
  String (ServerSideEncryption -> ServerSideEncryptionByDefault)
-> Either String ServerSideEncryption
-> Either String ServerSideEncryptionByDefault
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> ([Node]
x [Node] -> Text -> Either String ServerSideEncryption
forall a. FromXML a => [Node] -> Text -> Either String a
Core..@ Text
"SSEAlgorithm")

instance
  Prelude.Hashable
    ServerSideEncryptionByDefault

instance Prelude.NFData ServerSideEncryptionByDefault

instance Core.ToXML ServerSideEncryptionByDefault where
  toXML :: ServerSideEncryptionByDefault -> XML
toXML ServerSideEncryptionByDefault' {Maybe (Sensitive Text)
ServerSideEncryption
sSEAlgorithm :: ServerSideEncryption
kmsMasterKeyID :: Maybe (Sensitive Text)
$sel:sSEAlgorithm:ServerSideEncryptionByDefault' :: ServerSideEncryptionByDefault -> ServerSideEncryption
$sel:kmsMasterKeyID:ServerSideEncryptionByDefault' :: ServerSideEncryptionByDefault -> Maybe (Sensitive Text)
..} =
    [XML] -> XML
forall a. Monoid a => [a] -> a
Prelude.mconcat
      [ Name
"KMSMasterKeyID" Name -> Maybe (Sensitive Text) -> XML
forall a. ToXML a => Name -> a -> XML
Core.@= Maybe (Sensitive Text)
kmsMasterKeyID,
        Name
"SSEAlgorithm" Name -> ServerSideEncryption -> XML
forall a. ToXML a => Name -> a -> XML
Core.@= ServerSideEncryption
sSEAlgorithm
      ]