{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.ECR.Types.EncryptionConfiguration
-- Copyright   : (c) 2013-2023 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
module Amazonka.ECR.Types.EncryptionConfiguration where

import qualified Amazonka.Core as Core
import qualified Amazonka.Core.Lens.Internal as Lens
import qualified Amazonka.Data as Data
import Amazonka.ECR.Types.EncryptionType
import qualified Amazonka.Prelude as Prelude

-- | The encryption configuration for the repository. This determines how the
-- contents of your repository are encrypted at rest.
--
-- By default, when no encryption configuration is set or the @AES256@
-- encryption type is used, Amazon ECR uses server-side encryption with
-- Amazon S3-managed encryption keys which encrypts your data at rest using
-- an AES-256 encryption algorithm. This does not require any action on
-- your part.
--
-- For more control over the encryption of the contents of your repository,
-- you can use server-side encryption with Key Management Service key
-- stored in Key Management Service (KMS) to encrypt your images. For more
-- information, see
-- <https://docs.aws.amazon.com/AmazonECR/latest/userguide/encryption-at-rest.html Amazon ECR encryption at rest>
-- in the /Amazon Elastic Container Registry User Guide/.
--
-- /See:/ 'newEncryptionConfiguration' smart constructor.
data EncryptionConfiguration = EncryptionConfiguration'
  { -- | If you use the @KMS@ encryption type, specify the KMS key to use for
    -- encryption. The alias, key ID, or full ARN of the KMS key can be
    -- specified. The key must exist in the same Region as the repository. If
    -- no key is specified, the default Amazon Web Services managed KMS key for
    -- Amazon ECR will be used.
    EncryptionConfiguration -> Maybe Text
kmsKey :: Prelude.Maybe Prelude.Text,
    -- | The encryption type to use.
    --
    -- If you use the @KMS@ encryption type, the contents of the repository
    -- will be encrypted using server-side encryption with Key Management
    -- Service key stored in KMS. When you use KMS to encrypt your data, you
    -- can either use the default Amazon Web Services managed KMS key for
    -- Amazon ECR, or specify your own KMS key, which you already created. For
    -- more information, see
    -- <https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html Protecting data using server-side encryption with an KMS key stored in Key Management Service (SSE-KMS)>
    -- in the /Amazon Simple Storage Service Console Developer Guide/.
    --
    -- If you use the @AES256@ encryption type, Amazon ECR uses server-side
    -- encryption with Amazon S3-managed encryption keys which encrypts the
    -- images in the repository using an AES-256 encryption algorithm. For more
    -- information, see
    -- <https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html Protecting data using server-side encryption with Amazon S3-managed encryption keys (SSE-S3)>
    -- in the /Amazon Simple Storage Service Console Developer Guide/.
    EncryptionConfiguration -> EncryptionType
encryptionType :: EncryptionType
  }
  deriving (EncryptionConfiguration -> EncryptionConfiguration -> Bool
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: EncryptionConfiguration -> EncryptionConfiguration -> Bool
$c/= :: EncryptionConfiguration -> EncryptionConfiguration -> Bool
== :: EncryptionConfiguration -> EncryptionConfiguration -> Bool
$c== :: EncryptionConfiguration -> EncryptionConfiguration -> Bool
Prelude.Eq, ReadPrec [EncryptionConfiguration]
ReadPrec EncryptionConfiguration
Int -> ReadS EncryptionConfiguration
ReadS [EncryptionConfiguration]
forall a.
(Int -> ReadS a)
-> ReadS [a] -> ReadPrec a -> ReadPrec [a] -> Read a
readListPrec :: ReadPrec [EncryptionConfiguration]
$creadListPrec :: ReadPrec [EncryptionConfiguration]
readPrec :: ReadPrec EncryptionConfiguration
$creadPrec :: ReadPrec EncryptionConfiguration
readList :: ReadS [EncryptionConfiguration]
$creadList :: ReadS [EncryptionConfiguration]
readsPrec :: Int -> ReadS EncryptionConfiguration
$creadsPrec :: Int -> ReadS EncryptionConfiguration
Prelude.Read, Int -> EncryptionConfiguration -> ShowS
[EncryptionConfiguration] -> ShowS
EncryptionConfiguration -> String
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [EncryptionConfiguration] -> ShowS
$cshowList :: [EncryptionConfiguration] -> ShowS
show :: EncryptionConfiguration -> String
$cshow :: EncryptionConfiguration -> String
showsPrec :: Int -> EncryptionConfiguration -> ShowS
$cshowsPrec :: Int -> EncryptionConfiguration -> ShowS
Prelude.Show, forall x. Rep EncryptionConfiguration x -> EncryptionConfiguration
forall x. EncryptionConfiguration -> Rep EncryptionConfiguration x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x. Rep EncryptionConfiguration x -> EncryptionConfiguration
$cfrom :: forall x. EncryptionConfiguration -> Rep EncryptionConfiguration x
Prelude.Generic)

-- |
-- Create a value of 'EncryptionConfiguration' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'kmsKey', 'encryptionConfiguration_kmsKey' - If you use the @KMS@ encryption type, specify the KMS key to use for
-- encryption. The alias, key ID, or full ARN of the KMS key can be
-- specified. The key must exist in the same Region as the repository. If
-- no key is specified, the default Amazon Web Services managed KMS key for
-- Amazon ECR will be used.
--
-- 'encryptionType', 'encryptionConfiguration_encryptionType' - The encryption type to use.
--
-- If you use the @KMS@ encryption type, the contents of the repository
-- will be encrypted using server-side encryption with Key Management
-- Service key stored in KMS. When you use KMS to encrypt your data, you
-- can either use the default Amazon Web Services managed KMS key for
-- Amazon ECR, or specify your own KMS key, which you already created. For
-- more information, see
-- <https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html Protecting data using server-side encryption with an KMS key stored in Key Management Service (SSE-KMS)>
-- in the /Amazon Simple Storage Service Console Developer Guide/.
--
-- If you use the @AES256@ encryption type, Amazon ECR uses server-side
-- encryption with Amazon S3-managed encryption keys which encrypts the
-- images in the repository using an AES-256 encryption algorithm. For more
-- information, see
-- <https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html Protecting data using server-side encryption with Amazon S3-managed encryption keys (SSE-S3)>
-- in the /Amazon Simple Storage Service Console Developer Guide/.
newEncryptionConfiguration ::
  -- | 'encryptionType'
  EncryptionType ->
  EncryptionConfiguration
newEncryptionConfiguration :: EncryptionType -> EncryptionConfiguration
newEncryptionConfiguration EncryptionType
pEncryptionType_ =
  EncryptionConfiguration'
    { $sel:kmsKey:EncryptionConfiguration' :: Maybe Text
kmsKey = forall a. Maybe a
Prelude.Nothing,
      $sel:encryptionType:EncryptionConfiguration' :: EncryptionType
encryptionType = EncryptionType
pEncryptionType_
    }

-- | If you use the @KMS@ encryption type, specify the KMS key to use for
-- encryption. The alias, key ID, or full ARN of the KMS key can be
-- specified. The key must exist in the same Region as the repository. If
-- no key is specified, the default Amazon Web Services managed KMS key for
-- Amazon ECR will be used.
encryptionConfiguration_kmsKey :: Lens.Lens' EncryptionConfiguration (Prelude.Maybe Prelude.Text)
encryptionConfiguration_kmsKey :: Lens' EncryptionConfiguration (Maybe Text)
encryptionConfiguration_kmsKey = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\EncryptionConfiguration' {Maybe Text
kmsKey :: Maybe Text
$sel:kmsKey:EncryptionConfiguration' :: EncryptionConfiguration -> Maybe Text
kmsKey} -> Maybe Text
kmsKey) (\s :: EncryptionConfiguration
s@EncryptionConfiguration' {} Maybe Text
a -> EncryptionConfiguration
s {$sel:kmsKey:EncryptionConfiguration' :: Maybe Text
kmsKey = Maybe Text
a} :: EncryptionConfiguration)

-- | The encryption type to use.
--
-- If you use the @KMS@ encryption type, the contents of the repository
-- will be encrypted using server-side encryption with Key Management
-- Service key stored in KMS. When you use KMS to encrypt your data, you
-- can either use the default Amazon Web Services managed KMS key for
-- Amazon ECR, or specify your own KMS key, which you already created. For
-- more information, see
-- <https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html Protecting data using server-side encryption with an KMS key stored in Key Management Service (SSE-KMS)>
-- in the /Amazon Simple Storage Service Console Developer Guide/.
--
-- If you use the @AES256@ encryption type, Amazon ECR uses server-side
-- encryption with Amazon S3-managed encryption keys which encrypts the
-- images in the repository using an AES-256 encryption algorithm. For more
-- information, see
-- <https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html Protecting data using server-side encryption with Amazon S3-managed encryption keys (SSE-S3)>
-- in the /Amazon Simple Storage Service Console Developer Guide/.
encryptionConfiguration_encryptionType :: Lens.Lens' EncryptionConfiguration EncryptionType
encryptionConfiguration_encryptionType :: Lens' EncryptionConfiguration EncryptionType
encryptionConfiguration_encryptionType = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\EncryptionConfiguration' {EncryptionType
encryptionType :: EncryptionType
$sel:encryptionType:EncryptionConfiguration' :: EncryptionConfiguration -> EncryptionType
encryptionType} -> EncryptionType
encryptionType) (\s :: EncryptionConfiguration
s@EncryptionConfiguration' {} EncryptionType
a -> EncryptionConfiguration
s {$sel:encryptionType:EncryptionConfiguration' :: EncryptionType
encryptionType = EncryptionType
a} :: EncryptionConfiguration)

instance Data.FromJSON EncryptionConfiguration where
  parseJSON :: Value -> Parser EncryptionConfiguration
parseJSON =
    forall a. String -> (Object -> Parser a) -> Value -> Parser a
Data.withObject
      String
"EncryptionConfiguration"
      ( \Object
x ->
          Maybe Text -> EncryptionType -> EncryptionConfiguration
EncryptionConfiguration'
            forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> (Object
x forall a. FromJSON a => Object -> Key -> Parser (Maybe a)
Data..:? Key
"kmsKey")
            forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x forall a. FromJSON a => Object -> Key -> Parser a
Data..: Key
"encryptionType")
      )

instance Prelude.Hashable EncryptionConfiguration where
  hashWithSalt :: Int -> EncryptionConfiguration -> Int
hashWithSalt Int
_salt EncryptionConfiguration' {Maybe Text
EncryptionType
encryptionType :: EncryptionType
kmsKey :: Maybe Text
$sel:encryptionType:EncryptionConfiguration' :: EncryptionConfiguration -> EncryptionType
$sel:kmsKey:EncryptionConfiguration' :: EncryptionConfiguration -> Maybe Text
..} =
    Int
_salt
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Maybe Text
kmsKey
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` EncryptionType
encryptionType

instance Prelude.NFData EncryptionConfiguration where
  rnf :: EncryptionConfiguration -> ()
rnf EncryptionConfiguration' {Maybe Text
EncryptionType
encryptionType :: EncryptionType
kmsKey :: Maybe Text
$sel:encryptionType:EncryptionConfiguration' :: EncryptionConfiguration -> EncryptionType
$sel:kmsKey:EncryptionConfiguration' :: EncryptionConfiguration -> Maybe Text
..} =
    forall a. NFData a => a -> ()
Prelude.rnf Maybe Text
kmsKey
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf EncryptionType
encryptionType

instance Data.ToJSON EncryptionConfiguration where
  toJSON :: EncryptionConfiguration -> Value
toJSON EncryptionConfiguration' {Maybe Text
EncryptionType
encryptionType :: EncryptionType
kmsKey :: Maybe Text
$sel:encryptionType:EncryptionConfiguration' :: EncryptionConfiguration -> EncryptionType
$sel:kmsKey:EncryptionConfiguration' :: EncryptionConfiguration -> Maybe Text
..} =
    [Pair] -> Value
Data.object
      ( forall a. [Maybe a] -> [a]
Prelude.catMaybes
          [ (Key
"kmsKey" forall kv v. (KeyValue kv, ToJSON v) => Key -> v -> kv
Data..=) forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe Text
kmsKey,
            forall a. a -> Maybe a
Prelude.Just
              (Key
"encryptionType" forall kv v. (KeyValue kv, ToJSON v) => Key -> v -> kv
Data..= EncryptionType
encryptionType)
          ]
      )