{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.S3.Types.ServerSideEncryptionByDefault
-- Copyright   : (c) 2013-2023 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
module Amazonka.S3.Types.ServerSideEncryptionByDefault where

import qualified Amazonka.Core as Core
import qualified Amazonka.Core.Lens.Internal as Lens
import qualified Amazonka.Data as Data
import qualified Amazonka.Prelude as Prelude
import Amazonka.S3.Internal
import Amazonka.S3.Types.ServerSideEncryption

-- | Describes the default server-side encryption to apply to new objects in
-- the bucket. If a PUT Object request doesn\'t specify any server-side
-- encryption, this default encryption will be applied. If you don\'t
-- specify a customer managed key at configuration, Amazon S3 automatically
-- creates an Amazon Web Services KMS key in your Amazon Web Services
-- account the first time that you add an object encrypted with SSE-KMS to
-- a bucket. By default, Amazon S3 uses this KMS key for SSE-KMS. For more
-- information, see
-- <https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTencryption.html PUT Bucket encryption>
-- in the /Amazon S3 API Reference/.
--
-- /See:/ 'newServerSideEncryptionByDefault' smart constructor.
data ServerSideEncryptionByDefault = ServerSideEncryptionByDefault'
  { -- | Amazon Web Services Key Management Service (KMS) customer Amazon Web
    -- Services KMS key ID to use for the default encryption. This parameter is
    -- allowed if and only if @SSEAlgorithm@ is set to @aws:kms@.
    --
    -- You can specify the key ID or the Amazon Resource Name (ARN) of the KMS
    -- key. However, if you are using encryption with cross-account or Amazon
    -- Web Services service operations you must use a fully qualified KMS key
    -- ARN. For more information, see
    -- <https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html#bucket-encryption-update-bucket-policy Using encryption for cross-account operations>.
    --
    -- __For example:__
    --
    -- -   Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@
    --
    -- -   Key ARN:
    --     @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@
    --
    -- Amazon S3 only supports symmetric KMS keys and not asymmetric KMS keys.
    -- For more information, see
    -- <https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html Using symmetric and asymmetric keys>
    -- in the /Amazon Web Services Key Management Service Developer Guide/.
    ServerSideEncryptionByDefault -> Maybe (Sensitive Text)
kmsMasterKeyID :: Prelude.Maybe (Data.Sensitive Prelude.Text),
    -- | Server-side encryption algorithm to use for the default encryption.
    ServerSideEncryptionByDefault -> ServerSideEncryption
sSEAlgorithm :: ServerSideEncryption
  }
  deriving (ServerSideEncryptionByDefault
-> ServerSideEncryptionByDefault -> Bool
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: ServerSideEncryptionByDefault
-> ServerSideEncryptionByDefault -> Bool
$c/= :: ServerSideEncryptionByDefault
-> ServerSideEncryptionByDefault -> Bool
== :: ServerSideEncryptionByDefault
-> ServerSideEncryptionByDefault -> Bool
$c== :: ServerSideEncryptionByDefault
-> ServerSideEncryptionByDefault -> Bool
Prelude.Eq, Int -> ServerSideEncryptionByDefault -> ShowS
[ServerSideEncryptionByDefault] -> ShowS
ServerSideEncryptionByDefault -> String
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [ServerSideEncryptionByDefault] -> ShowS
$cshowList :: [ServerSideEncryptionByDefault] -> ShowS
show :: ServerSideEncryptionByDefault -> String
$cshow :: ServerSideEncryptionByDefault -> String
showsPrec :: Int -> ServerSideEncryptionByDefault -> ShowS
$cshowsPrec :: Int -> ServerSideEncryptionByDefault -> ShowS
Prelude.Show, forall x.
Rep ServerSideEncryptionByDefault x
-> ServerSideEncryptionByDefault
forall x.
ServerSideEncryptionByDefault
-> Rep ServerSideEncryptionByDefault x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x.
Rep ServerSideEncryptionByDefault x
-> ServerSideEncryptionByDefault
$cfrom :: forall x.
ServerSideEncryptionByDefault
-> Rep ServerSideEncryptionByDefault x
Prelude.Generic)

-- |
-- Create a value of 'ServerSideEncryptionByDefault' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'kmsMasterKeyID', 'serverSideEncryptionByDefault_kmsMasterKeyID' - Amazon Web Services Key Management Service (KMS) customer Amazon Web
-- Services KMS key ID to use for the default encryption. This parameter is
-- allowed if and only if @SSEAlgorithm@ is set to @aws:kms@.
--
-- You can specify the key ID or the Amazon Resource Name (ARN) of the KMS
-- key. However, if you are using encryption with cross-account or Amazon
-- Web Services service operations you must use a fully qualified KMS key
-- ARN. For more information, see
-- <https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html#bucket-encryption-update-bucket-policy Using encryption for cross-account operations>.
--
-- __For example:__
--
-- -   Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@
--
-- -   Key ARN:
--     @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@
--
-- Amazon S3 only supports symmetric KMS keys and not asymmetric KMS keys.
-- For more information, see
-- <https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html Using symmetric and asymmetric keys>
-- in the /Amazon Web Services Key Management Service Developer Guide/.
--
-- 'sSEAlgorithm', 'serverSideEncryptionByDefault_sSEAlgorithm' - Server-side encryption algorithm to use for the default encryption.
newServerSideEncryptionByDefault ::
  -- | 'sSEAlgorithm'
  ServerSideEncryption ->
  ServerSideEncryptionByDefault
newServerSideEncryptionByDefault :: ServerSideEncryption -> ServerSideEncryptionByDefault
newServerSideEncryptionByDefault ServerSideEncryption
pSSEAlgorithm_ =
  ServerSideEncryptionByDefault'
    { $sel:kmsMasterKeyID:ServerSideEncryptionByDefault' :: Maybe (Sensitive Text)
kmsMasterKeyID =
        forall a. Maybe a
Prelude.Nothing,
      $sel:sSEAlgorithm:ServerSideEncryptionByDefault' :: ServerSideEncryption
sSEAlgorithm = ServerSideEncryption
pSSEAlgorithm_
    }

-- | Amazon Web Services Key Management Service (KMS) customer Amazon Web
-- Services KMS key ID to use for the default encryption. This parameter is
-- allowed if and only if @SSEAlgorithm@ is set to @aws:kms@.
--
-- You can specify the key ID or the Amazon Resource Name (ARN) of the KMS
-- key. However, if you are using encryption with cross-account or Amazon
-- Web Services service operations you must use a fully qualified KMS key
-- ARN. For more information, see
-- <https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html#bucket-encryption-update-bucket-policy Using encryption for cross-account operations>.
--
-- __For example:__
--
-- -   Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@
--
-- -   Key ARN:
--     @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@
--
-- Amazon S3 only supports symmetric KMS keys and not asymmetric KMS keys.
-- For more information, see
-- <https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html Using symmetric and asymmetric keys>
-- in the /Amazon Web Services Key Management Service Developer Guide/.
serverSideEncryptionByDefault_kmsMasterKeyID :: Lens.Lens' ServerSideEncryptionByDefault (Prelude.Maybe Prelude.Text)
serverSideEncryptionByDefault_kmsMasterKeyID :: Lens' ServerSideEncryptionByDefault (Maybe Text)
serverSideEncryptionByDefault_kmsMasterKeyID = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\ServerSideEncryptionByDefault' {Maybe (Sensitive Text)
kmsMasterKeyID :: Maybe (Sensitive Text)
$sel:kmsMasterKeyID:ServerSideEncryptionByDefault' :: ServerSideEncryptionByDefault -> Maybe (Sensitive Text)
kmsMasterKeyID} -> Maybe (Sensitive Text)
kmsMasterKeyID) (\s :: ServerSideEncryptionByDefault
s@ServerSideEncryptionByDefault' {} Maybe (Sensitive Text)
a -> ServerSideEncryptionByDefault
s {$sel:kmsMasterKeyID:ServerSideEncryptionByDefault' :: Maybe (Sensitive Text)
kmsMasterKeyID = Maybe (Sensitive Text)
a} :: ServerSideEncryptionByDefault) forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. forall (f :: * -> *) (g :: * -> *) s t a b.
(Functor f, Functor g) =>
AnIso s t a b -> Iso (f s) (g t) (f a) (g b)
Lens.mapping forall a. Iso' (Sensitive a) a
Data._Sensitive

-- | Server-side encryption algorithm to use for the default encryption.
serverSideEncryptionByDefault_sSEAlgorithm :: Lens.Lens' ServerSideEncryptionByDefault ServerSideEncryption
serverSideEncryptionByDefault_sSEAlgorithm :: Lens' ServerSideEncryptionByDefault ServerSideEncryption
serverSideEncryptionByDefault_sSEAlgorithm = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\ServerSideEncryptionByDefault' {ServerSideEncryption
sSEAlgorithm :: ServerSideEncryption
$sel:sSEAlgorithm:ServerSideEncryptionByDefault' :: ServerSideEncryptionByDefault -> ServerSideEncryption
sSEAlgorithm} -> ServerSideEncryption
sSEAlgorithm) (\s :: ServerSideEncryptionByDefault
s@ServerSideEncryptionByDefault' {} ServerSideEncryption
a -> ServerSideEncryptionByDefault
s {$sel:sSEAlgorithm:ServerSideEncryptionByDefault' :: ServerSideEncryption
sSEAlgorithm = ServerSideEncryption
a} :: ServerSideEncryptionByDefault)

instance Data.FromXML ServerSideEncryptionByDefault where
  parseXML :: [Node] -> Either String ServerSideEncryptionByDefault
parseXML [Node]
x =
    Maybe (Sensitive Text)
-> ServerSideEncryption -> ServerSideEncryptionByDefault
ServerSideEncryptionByDefault'
      forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> ([Node]
x forall a. FromXML a => [Node] -> Text -> Either String (Maybe a)
Data..@? Text
"KMSMasterKeyID")
      forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> ([Node]
x forall a. FromXML a => [Node] -> Text -> Either String a
Data..@ Text
"SSEAlgorithm")

instance
  Prelude.Hashable
    ServerSideEncryptionByDefault
  where
  hashWithSalt :: Int -> ServerSideEncryptionByDefault -> Int
hashWithSalt Int
_salt ServerSideEncryptionByDefault' {Maybe (Sensitive Text)
ServerSideEncryption
sSEAlgorithm :: ServerSideEncryption
kmsMasterKeyID :: Maybe (Sensitive Text)
$sel:sSEAlgorithm:ServerSideEncryptionByDefault' :: ServerSideEncryptionByDefault -> ServerSideEncryption
$sel:kmsMasterKeyID:ServerSideEncryptionByDefault' :: ServerSideEncryptionByDefault -> Maybe (Sensitive Text)
..} =
    Int
_salt
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Maybe (Sensitive Text)
kmsMasterKeyID
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` ServerSideEncryption
sSEAlgorithm

instance Prelude.NFData ServerSideEncryptionByDefault where
  rnf :: ServerSideEncryptionByDefault -> ()
rnf ServerSideEncryptionByDefault' {Maybe (Sensitive Text)
ServerSideEncryption
sSEAlgorithm :: ServerSideEncryption
kmsMasterKeyID :: Maybe (Sensitive Text)
$sel:sSEAlgorithm:ServerSideEncryptionByDefault' :: ServerSideEncryptionByDefault -> ServerSideEncryption
$sel:kmsMasterKeyID:ServerSideEncryptionByDefault' :: ServerSideEncryptionByDefault -> Maybe (Sensitive Text)
..} =
    forall a. NFData a => a -> ()
Prelude.rnf Maybe (Sensitive Text)
kmsMasterKeyID
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf ServerSideEncryption
sSEAlgorithm

instance Data.ToXML ServerSideEncryptionByDefault where
  toXML :: ServerSideEncryptionByDefault -> XML
toXML ServerSideEncryptionByDefault' {Maybe (Sensitive Text)
ServerSideEncryption
sSEAlgorithm :: ServerSideEncryption
kmsMasterKeyID :: Maybe (Sensitive Text)
$sel:sSEAlgorithm:ServerSideEncryptionByDefault' :: ServerSideEncryptionByDefault -> ServerSideEncryption
$sel:kmsMasterKeyID:ServerSideEncryptionByDefault' :: ServerSideEncryptionByDefault -> Maybe (Sensitive Text)
..} =
    forall a. Monoid a => [a] -> a
Prelude.mconcat
      [ Name
"KMSMasterKeyID" forall a. ToXML a => Name -> a -> XML
Data.@= Maybe (Sensitive Text)
kmsMasterKeyID,
        Name
"SSEAlgorithm" forall a. ToXML a => Name -> a -> XML
Data.@= ServerSideEncryption
sSEAlgorithm
      ]