{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.MediaConvert.Types.S3EncryptionSettings
-- Copyright   : (c) 2013-2023 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
module Amazonka.MediaConvert.Types.S3EncryptionSettings where

import qualified Amazonka.Core as Core
import qualified Amazonka.Core.Lens.Internal as Lens
import qualified Amazonka.Data as Data
import Amazonka.MediaConvert.Types.S3ServerSideEncryptionType
import qualified Amazonka.Prelude as Prelude

-- | Settings for how your job outputs are encrypted as they are uploaded to
-- Amazon S3.
--
-- /See:/ 'newS3EncryptionSettings' smart constructor.
data S3EncryptionSettings = S3EncryptionSettings'
  { -- | Specify how you want your data keys managed. AWS uses data keys to
    -- encrypt your content. AWS also encrypts the data keys themselves, using
    -- a customer master key (CMK), and then stores the encrypted data keys
    -- alongside your encrypted content. Use this setting to specify which AWS
    -- service manages the CMK. For simplest set up, choose Amazon S3
    -- (SERVER_SIDE_ENCRYPTION_S3). If you want your master key to be managed
    -- by AWS Key Management Service (KMS), choose AWS KMS
    -- (SERVER_SIDE_ENCRYPTION_KMS). By default, when you choose AWS KMS, KMS
    -- uses the AWS managed customer master key (CMK) associated with Amazon S3
    -- to encrypt your data keys. You can optionally choose to specify a
    -- different, customer managed CMK. Do so by specifying the Amazon Resource
    -- Name (ARN) of the key for the setting KMS ARN (kmsKeyArn).
    S3EncryptionSettings -> Maybe S3ServerSideEncryptionType
encryptionType :: Prelude.Maybe S3ServerSideEncryptionType,
    -- | Optionally, specify the encryption context that you want to use
    -- alongside your KMS key. AWS KMS uses this encryption context as
    -- additional authenticated data (AAD) to support authenticated encryption.
    -- This value must be a base64-encoded UTF-8 string holding JSON which
    -- represents a string-string map. To use this setting, you must also set
    -- Server-side encryption (S3ServerSideEncryptionType) to AWS KMS
    -- (SERVER_SIDE_ENCRYPTION_KMS). For more information about encryption
    -- context, see:
    -- https:\/\/docs.aws.amazon.com\/kms\/latest\/developerguide\/concepts.html#encrypt_context.
    S3EncryptionSettings -> Maybe Text
kmsEncryptionContext :: Prelude.Maybe Prelude.Text,
    -- | Optionally, specify the customer master key (CMK) that you want to use
    -- to encrypt the data key that AWS uses to encrypt your output content.
    -- Enter the Amazon Resource Name (ARN) of the CMK. To use this setting,
    -- you must also set Server-side encryption (S3ServerSideEncryptionType) to
    -- AWS KMS (SERVER_SIDE_ENCRYPTION_KMS). If you set Server-side encryption
    -- to AWS KMS but don\'t specify a CMK here, AWS uses the AWS managed CMK
    -- associated with Amazon S3.
    S3EncryptionSettings -> Maybe Text
kmsKeyArn :: Prelude.Maybe Prelude.Text
  }
  deriving (S3EncryptionSettings -> S3EncryptionSettings -> Bool
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: S3EncryptionSettings -> S3EncryptionSettings -> Bool
$c/= :: S3EncryptionSettings -> S3EncryptionSettings -> Bool
== :: S3EncryptionSettings -> S3EncryptionSettings -> Bool
$c== :: S3EncryptionSettings -> S3EncryptionSettings -> Bool
Prelude.Eq, ReadPrec [S3EncryptionSettings]
ReadPrec S3EncryptionSettings
Int -> ReadS S3EncryptionSettings
ReadS [S3EncryptionSettings]
forall a.
(Int -> ReadS a)
-> ReadS [a] -> ReadPrec a -> ReadPrec [a] -> Read a
readListPrec :: ReadPrec [S3EncryptionSettings]
$creadListPrec :: ReadPrec [S3EncryptionSettings]
readPrec :: ReadPrec S3EncryptionSettings
$creadPrec :: ReadPrec S3EncryptionSettings
readList :: ReadS [S3EncryptionSettings]
$creadList :: ReadS [S3EncryptionSettings]
readsPrec :: Int -> ReadS S3EncryptionSettings
$creadsPrec :: Int -> ReadS S3EncryptionSettings
Prelude.Read, Int -> S3EncryptionSettings -> ShowS
[S3EncryptionSettings] -> ShowS
S3EncryptionSettings -> String
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [S3EncryptionSettings] -> ShowS
$cshowList :: [S3EncryptionSettings] -> ShowS
show :: S3EncryptionSettings -> String
$cshow :: S3EncryptionSettings -> String
showsPrec :: Int -> S3EncryptionSettings -> ShowS
$cshowsPrec :: Int -> S3EncryptionSettings -> ShowS
Prelude.Show, forall x. Rep S3EncryptionSettings x -> S3EncryptionSettings
forall x. S3EncryptionSettings -> Rep S3EncryptionSettings x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x. Rep S3EncryptionSettings x -> S3EncryptionSettings
$cfrom :: forall x. S3EncryptionSettings -> Rep S3EncryptionSettings x
Prelude.Generic)

-- |
-- Create a value of 'S3EncryptionSettings' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'encryptionType', 's3EncryptionSettings_encryptionType' - Specify how you want your data keys managed. AWS uses data keys to
-- encrypt your content. AWS also encrypts the data keys themselves, using
-- a customer master key (CMK), and then stores the encrypted data keys
-- alongside your encrypted content. Use this setting to specify which AWS
-- service manages the CMK. For simplest set up, choose Amazon S3
-- (SERVER_SIDE_ENCRYPTION_S3). If you want your master key to be managed
-- by AWS Key Management Service (KMS), choose AWS KMS
-- (SERVER_SIDE_ENCRYPTION_KMS). By default, when you choose AWS KMS, KMS
-- uses the AWS managed customer master key (CMK) associated with Amazon S3
-- to encrypt your data keys. You can optionally choose to specify a
-- different, customer managed CMK. Do so by specifying the Amazon Resource
-- Name (ARN) of the key for the setting KMS ARN (kmsKeyArn).
--
-- 'kmsEncryptionContext', 's3EncryptionSettings_kmsEncryptionContext' - Optionally, specify the encryption context that you want to use
-- alongside your KMS key. AWS KMS uses this encryption context as
-- additional authenticated data (AAD) to support authenticated encryption.
-- This value must be a base64-encoded UTF-8 string holding JSON which
-- represents a string-string map. To use this setting, you must also set
-- Server-side encryption (S3ServerSideEncryptionType) to AWS KMS
-- (SERVER_SIDE_ENCRYPTION_KMS). For more information about encryption
-- context, see:
-- https:\/\/docs.aws.amazon.com\/kms\/latest\/developerguide\/concepts.html#encrypt_context.
--
-- 'kmsKeyArn', 's3EncryptionSettings_kmsKeyArn' - Optionally, specify the customer master key (CMK) that you want to use
-- to encrypt the data key that AWS uses to encrypt your output content.
-- Enter the Amazon Resource Name (ARN) of the CMK. To use this setting,
-- you must also set Server-side encryption (S3ServerSideEncryptionType) to
-- AWS KMS (SERVER_SIDE_ENCRYPTION_KMS). If you set Server-side encryption
-- to AWS KMS but don\'t specify a CMK here, AWS uses the AWS managed CMK
-- associated with Amazon S3.
newS3EncryptionSettings ::
  S3EncryptionSettings
newS3EncryptionSettings :: S3EncryptionSettings
newS3EncryptionSettings =
  S3EncryptionSettings'
    { $sel:encryptionType:S3EncryptionSettings' :: Maybe S3ServerSideEncryptionType
encryptionType =
        forall a. Maybe a
Prelude.Nothing,
      $sel:kmsEncryptionContext:S3EncryptionSettings' :: Maybe Text
kmsEncryptionContext = forall a. Maybe a
Prelude.Nothing,
      $sel:kmsKeyArn:S3EncryptionSettings' :: Maybe Text
kmsKeyArn = forall a. Maybe a
Prelude.Nothing
    }

-- | Specify how you want your data keys managed. AWS uses data keys to
-- encrypt your content. AWS also encrypts the data keys themselves, using
-- a customer master key (CMK), and then stores the encrypted data keys
-- alongside your encrypted content. Use this setting to specify which AWS
-- service manages the CMK. For simplest set up, choose Amazon S3
-- (SERVER_SIDE_ENCRYPTION_S3). If you want your master key to be managed
-- by AWS Key Management Service (KMS), choose AWS KMS
-- (SERVER_SIDE_ENCRYPTION_KMS). By default, when you choose AWS KMS, KMS
-- uses the AWS managed customer master key (CMK) associated with Amazon S3
-- to encrypt your data keys. You can optionally choose to specify a
-- different, customer managed CMK. Do so by specifying the Amazon Resource
-- Name (ARN) of the key for the setting KMS ARN (kmsKeyArn).
s3EncryptionSettings_encryptionType :: Lens.Lens' S3EncryptionSettings (Prelude.Maybe S3ServerSideEncryptionType)
s3EncryptionSettings_encryptionType :: Lens' S3EncryptionSettings (Maybe S3ServerSideEncryptionType)
s3EncryptionSettings_encryptionType = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\S3EncryptionSettings' {Maybe S3ServerSideEncryptionType
encryptionType :: Maybe S3ServerSideEncryptionType
$sel:encryptionType:S3EncryptionSettings' :: S3EncryptionSettings -> Maybe S3ServerSideEncryptionType
encryptionType} -> Maybe S3ServerSideEncryptionType
encryptionType) (\s :: S3EncryptionSettings
s@S3EncryptionSettings' {} Maybe S3ServerSideEncryptionType
a -> S3EncryptionSettings
s {$sel:encryptionType:S3EncryptionSettings' :: Maybe S3ServerSideEncryptionType
encryptionType = Maybe S3ServerSideEncryptionType
a} :: S3EncryptionSettings)

-- | Optionally, specify the encryption context that you want to use
-- alongside your KMS key. AWS KMS uses this encryption context as
-- additional authenticated data (AAD) to support authenticated encryption.
-- This value must be a base64-encoded UTF-8 string holding JSON which
-- represents a string-string map. To use this setting, you must also set
-- Server-side encryption (S3ServerSideEncryptionType) to AWS KMS
-- (SERVER_SIDE_ENCRYPTION_KMS). For more information about encryption
-- context, see:
-- https:\/\/docs.aws.amazon.com\/kms\/latest\/developerguide\/concepts.html#encrypt_context.
s3EncryptionSettings_kmsEncryptionContext :: Lens.Lens' S3EncryptionSettings (Prelude.Maybe Prelude.Text)
s3EncryptionSettings_kmsEncryptionContext :: Lens' S3EncryptionSettings (Maybe Text)
s3EncryptionSettings_kmsEncryptionContext = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\S3EncryptionSettings' {Maybe Text
kmsEncryptionContext :: Maybe Text
$sel:kmsEncryptionContext:S3EncryptionSettings' :: S3EncryptionSettings -> Maybe Text
kmsEncryptionContext} -> Maybe Text
kmsEncryptionContext) (\s :: S3EncryptionSettings
s@S3EncryptionSettings' {} Maybe Text
a -> S3EncryptionSettings
s {$sel:kmsEncryptionContext:S3EncryptionSettings' :: Maybe Text
kmsEncryptionContext = Maybe Text
a} :: S3EncryptionSettings)

-- | Optionally, specify the customer master key (CMK) that you want to use
-- to encrypt the data key that AWS uses to encrypt your output content.
-- Enter the Amazon Resource Name (ARN) of the CMK. To use this setting,
-- you must also set Server-side encryption (S3ServerSideEncryptionType) to
-- AWS KMS (SERVER_SIDE_ENCRYPTION_KMS). If you set Server-side encryption
-- to AWS KMS but don\'t specify a CMK here, AWS uses the AWS managed CMK
-- associated with Amazon S3.
s3EncryptionSettings_kmsKeyArn :: Lens.Lens' S3EncryptionSettings (Prelude.Maybe Prelude.Text)
s3EncryptionSettings_kmsKeyArn :: Lens' S3EncryptionSettings (Maybe Text)
s3EncryptionSettings_kmsKeyArn = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\S3EncryptionSettings' {Maybe Text
kmsKeyArn :: Maybe Text
$sel:kmsKeyArn:S3EncryptionSettings' :: S3EncryptionSettings -> Maybe Text
kmsKeyArn} -> Maybe Text
kmsKeyArn) (\s :: S3EncryptionSettings
s@S3EncryptionSettings' {} Maybe Text
a -> S3EncryptionSettings
s {$sel:kmsKeyArn:S3EncryptionSettings' :: Maybe Text
kmsKeyArn = Maybe Text
a} :: S3EncryptionSettings)

instance Data.FromJSON S3EncryptionSettings where
  parseJSON :: Value -> Parser S3EncryptionSettings
parseJSON =
    forall a. String -> (Object -> Parser a) -> Value -> Parser a
Data.withObject
      String
"S3EncryptionSettings"
      ( \Object
x ->
          Maybe S3ServerSideEncryptionType
-> Maybe Text -> Maybe Text -> S3EncryptionSettings
S3EncryptionSettings'
            forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> (Object
x forall a. FromJSON a => Object -> Key -> Parser (Maybe a)
Data..:? Key
"encryptionType")
            forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x forall a. FromJSON a => Object -> Key -> Parser (Maybe a)
Data..:? Key
"kmsEncryptionContext")
            forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x forall a. FromJSON a => Object -> Key -> Parser (Maybe a)
Data..:? Key
"kmsKeyArn")
      )

instance Prelude.Hashable S3EncryptionSettings where
  hashWithSalt :: Int -> S3EncryptionSettings -> Int
hashWithSalt Int
_salt S3EncryptionSettings' {Maybe Text
Maybe S3ServerSideEncryptionType
kmsKeyArn :: Maybe Text
kmsEncryptionContext :: Maybe Text
encryptionType :: Maybe S3ServerSideEncryptionType
$sel:kmsKeyArn:S3EncryptionSettings' :: S3EncryptionSettings -> Maybe Text
$sel:kmsEncryptionContext:S3EncryptionSettings' :: S3EncryptionSettings -> Maybe Text
$sel:encryptionType:S3EncryptionSettings' :: S3EncryptionSettings -> Maybe S3ServerSideEncryptionType
..} =
    Int
_salt
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Maybe S3ServerSideEncryptionType
encryptionType
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Maybe Text
kmsEncryptionContext
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Maybe Text
kmsKeyArn

instance Prelude.NFData S3EncryptionSettings where
  rnf :: S3EncryptionSettings -> ()
rnf S3EncryptionSettings' {Maybe Text
Maybe S3ServerSideEncryptionType
kmsKeyArn :: Maybe Text
kmsEncryptionContext :: Maybe Text
encryptionType :: Maybe S3ServerSideEncryptionType
$sel:kmsKeyArn:S3EncryptionSettings' :: S3EncryptionSettings -> Maybe Text
$sel:kmsEncryptionContext:S3EncryptionSettings' :: S3EncryptionSettings -> Maybe Text
$sel:encryptionType:S3EncryptionSettings' :: S3EncryptionSettings -> Maybe S3ServerSideEncryptionType
..} =
    forall a. NFData a => a -> ()
Prelude.rnf Maybe S3ServerSideEncryptionType
encryptionType
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf Maybe Text
kmsEncryptionContext
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf Maybe Text
kmsKeyArn

instance Data.ToJSON S3EncryptionSettings where
  toJSON :: S3EncryptionSettings -> Value
toJSON S3EncryptionSettings' {Maybe Text
Maybe S3ServerSideEncryptionType
kmsKeyArn :: Maybe Text
kmsEncryptionContext :: Maybe Text
encryptionType :: Maybe S3ServerSideEncryptionType
$sel:kmsKeyArn:S3EncryptionSettings' :: S3EncryptionSettings -> Maybe Text
$sel:kmsEncryptionContext:S3EncryptionSettings' :: S3EncryptionSettings -> Maybe Text
$sel:encryptionType:S3EncryptionSettings' :: S3EncryptionSettings -> Maybe S3ServerSideEncryptionType
..} =
    [Pair] -> Value
Data.object
      ( forall a. [Maybe a] -> [a]
Prelude.catMaybes
          [ (Key
"encryptionType" forall kv v. (KeyValue kv, ToJSON v) => Key -> v -> kv
Data..=)
              forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe S3ServerSideEncryptionType
encryptionType,
            (Key
"kmsEncryptionContext" forall kv v. (KeyValue kv, ToJSON v) => Key -> v -> kv
Data..=)
              forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe Text
kmsEncryptionContext,
            (Key
"kmsKeyArn" forall kv v. (KeyValue kv, ToJSON v) => Key -> v -> kv
Data..=) forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe Text
kmsKeyArn
          ]
      )