software.amazon.awssdk.services.s3.model.ServerSideEncryptionRule Maven / Gradle / Ivy
Show all versions of s3 Show documentation
/*
* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with
* the License. A copy of the License is located at
*
* http://aws.amazon.com/apache2.0
*
* or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
* CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
* and limitations under the License.
*/
package software.amazon.awssdk.services.s3.model;
import java.io.Serializable;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.function.BiConsumer;
import java.util.function.Consumer;
import java.util.function.Function;
import software.amazon.awssdk.annotations.Generated;
import software.amazon.awssdk.core.SdkField;
import software.amazon.awssdk.core.SdkPojo;
import software.amazon.awssdk.core.protocol.MarshallLocation;
import software.amazon.awssdk.core.protocol.MarshallingType;
import software.amazon.awssdk.core.traits.LocationTrait;
import software.amazon.awssdk.utils.ToString;
import software.amazon.awssdk.utils.builder.CopyableBuilder;
import software.amazon.awssdk.utils.builder.ToCopyableBuilder;
/**
*
* Specifies the default server-side encryption configuration.
*
*
*
* -
*
* General purpose buckets - If you're specifying a customer managed KMS key, we recommend using a fully
* qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account.
* This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket
* owner.
*
*
* -
*
* Directory buckets - When you specify an KMS customer managed key
* for encryption in your directory bucket, only use the key ID or key ARN. The key alias format of the KMS key isn't
* supported.
*
*
*
*
*/
@Generated("software.amazon.awssdk:codegen")
public final class ServerSideEncryptionRule implements SdkPojo, Serializable,
ToCopyableBuilder {
private static final SdkField APPLY_SERVER_SIDE_ENCRYPTION_BY_DEFAULT_FIELD = SdkField
. builder(MarshallingType.SDK_POJO)
.memberName("ApplyServerSideEncryptionByDefault")
.getter(getter(ServerSideEncryptionRule::applyServerSideEncryptionByDefault))
.setter(setter(Builder::applyServerSideEncryptionByDefault))
.constructor(ServerSideEncryptionByDefault::builder)
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("ApplyServerSideEncryptionByDefault")
.unmarshallLocationName("ApplyServerSideEncryptionByDefault").build()).build();
private static final SdkField BUCKET_KEY_ENABLED_FIELD = SdkField
. builder(MarshallingType.BOOLEAN)
.memberName("BucketKeyEnabled")
.getter(getter(ServerSideEncryptionRule::bucketKeyEnabled))
.setter(setter(Builder::bucketKeyEnabled))
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("BucketKeyEnabled")
.unmarshallLocationName("BucketKeyEnabled").build()).build();
private static final List> SDK_FIELDS = Collections.unmodifiableList(Arrays.asList(
APPLY_SERVER_SIDE_ENCRYPTION_BY_DEFAULT_FIELD, BUCKET_KEY_ENABLED_FIELD));
private static final long serialVersionUID = 1L;
private final ServerSideEncryptionByDefault applyServerSideEncryptionByDefault;
private final Boolean bucketKeyEnabled;
private ServerSideEncryptionRule(BuilderImpl builder) {
this.applyServerSideEncryptionByDefault = builder.applyServerSideEncryptionByDefault;
this.bucketKeyEnabled = builder.bucketKeyEnabled;
}
/**
*
* Specifies the default server-side encryption to apply to new objects in the bucket. If a PUT Object request
* doesn't specify any server-side encryption, this default encryption will be applied.
*
*
* @return Specifies the default server-side encryption to apply to new objects in the bucket. If a PUT Object
* request doesn't specify any server-side encryption, this default encryption will be applied.
*/
public final ServerSideEncryptionByDefault applyServerSideEncryptionByDefault() {
return applyServerSideEncryptionByDefault;
}
/**
*
* Specifies whether Amazon S3 should use an S3 Bucket Key with server-side encryption using KMS (SSE-KMS) for new
* objects in the bucket. Existing objects are not affected. Setting the BucketKeyEnabled element to
* true causes Amazon S3 to use an S3 Bucket Key.
*
*
*
* -
*
* General purpose buckets - By default, S3 Bucket Key is not enabled. For more information, see Amazon S3 Bucket Keys in the Amazon
* S3 User Guide.
*
*
* -
*
* Directory buckets - S3 Bucket Keys are always enabled for GET and PUT operations
* in a directory bucket and can’t be disabled. S3 Bucket Keys aren't supported, when you copy SSE-KMS encrypted
* objects from general purpose buckets to directory buckets, from directory buckets to general purpose buckets, or
* between directory buckets, through CopyObject, UploadPartCopy, the Copy
* operation in Batch Operations, or the import jobs. In this case,
* Amazon S3 makes a call to KMS every time a copy request is made for a KMS-encrypted object.
*
*
*
*
*
* @return Specifies whether Amazon S3 should use an S3 Bucket Key with server-side encryption using KMS (SSE-KMS)
* for new objects in the bucket. Existing objects are not affected. Setting the
* BucketKeyEnabled element to true causes Amazon S3 to use an S3 Bucket Key.
*
*
* -
*
* General purpose buckets - By default, S3 Bucket Key is not enabled. For more information, see Amazon S3 Bucket Keys in the
* Amazon S3 User Guide.
*
*
* -
*
* Directory buckets - S3 Bucket Keys are always enabled for GET and PUT
* operations in a directory bucket and can’t be disabled. S3 Bucket Keys aren't supported, when you copy
* SSE-KMS encrypted objects from general purpose buckets to directory buckets, from directory buckets to
* general purpose buckets, or between directory buckets, through CopyObject, UploadPartCopy, the Copy
* operation in Batch Operations, or the import jobs. In
* this case, Amazon S3 makes a call to KMS every time a copy request is made for a KMS-encrypted object.
*
*
*
*/
public final Boolean bucketKeyEnabled() {
return bucketKeyEnabled;
}
@Override
public Builder toBuilder() {
return new BuilderImpl(this);
}
public static Builder builder() {
return new BuilderImpl();
}
public static Class serializableBuilderClass() {
return BuilderImpl.class;
}
@Override
public final int hashCode() {
int hashCode = 1;
hashCode = 31 * hashCode + Objects.hashCode(applyServerSideEncryptionByDefault());
hashCode = 31 * hashCode + Objects.hashCode(bucketKeyEnabled());
return hashCode;
}
@Override
public final boolean equals(Object obj) {
return equalsBySdkFields(obj);
}
@Override
public final boolean equalsBySdkFields(Object obj) {
if (this == obj) {
return true;
}
if (obj == null) {
return false;
}
if (!(obj instanceof ServerSideEncryptionRule)) {
return false;
}
ServerSideEncryptionRule other = (ServerSideEncryptionRule) obj;
return Objects.equals(applyServerSideEncryptionByDefault(), other.applyServerSideEncryptionByDefault())
&& Objects.equals(bucketKeyEnabled(), other.bucketKeyEnabled());
}
/**
* Returns a string representation of this object. This is useful for testing and debugging. Sensitive data will be
* redacted from this string using a placeholder value.
*/
@Override
public final String toString() {
return ToString.builder("ServerSideEncryptionRule")
.add("ApplyServerSideEncryptionByDefault", applyServerSideEncryptionByDefault())
.add("BucketKeyEnabled", bucketKeyEnabled()).build();
}
public final Optional getValueForField(String fieldName, Class clazz) {
switch (fieldName) {
case "ApplyServerSideEncryptionByDefault":
return Optional.ofNullable(clazz.cast(applyServerSideEncryptionByDefault()));
case "BucketKeyEnabled":
return Optional.ofNullable(clazz.cast(bucketKeyEnabled()));
default:
return Optional.empty();
}
}
@Override
public final List> sdkFields() {
return SDK_FIELDS;
}
private static Function getter(Function g) {
return obj -> g.apply((ServerSideEncryptionRule) obj);
}
private static BiConsumer setter(BiConsumer s) {
return (obj, val) -> s.accept((Builder) obj, val);
}
public interface Builder extends SdkPojo, CopyableBuilder {
/**
*
* Specifies the default server-side encryption to apply to new objects in the bucket. If a PUT Object request
* doesn't specify any server-side encryption, this default encryption will be applied.
*
*
* @param applyServerSideEncryptionByDefault
* Specifies the default server-side encryption to apply to new objects in the bucket. If a PUT Object
* request doesn't specify any server-side encryption, this default encryption will be applied.
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder applyServerSideEncryptionByDefault(ServerSideEncryptionByDefault applyServerSideEncryptionByDefault);
/**
*
* Specifies the default server-side encryption to apply to new objects in the bucket. If a PUT Object request
* doesn't specify any server-side encryption, this default encryption will be applied.
*
* This is a convenience method that creates an instance of the {@link ServerSideEncryptionByDefault.Builder}
* avoiding the need to create one manually via {@link ServerSideEncryptionByDefault#builder()}.
*
*
* When the {@link Consumer} completes, {@link ServerSideEncryptionByDefault.Builder#build()} is called
* immediately and its result is passed to
* {@link #applyServerSideEncryptionByDefault(ServerSideEncryptionByDefault)}.
*
* @param applyServerSideEncryptionByDefault
* a consumer that will call methods on {@link ServerSideEncryptionByDefault.Builder}
* @return Returns a reference to this object so that method calls can be chained together.
* @see #applyServerSideEncryptionByDefault(ServerSideEncryptionByDefault)
*/
default Builder applyServerSideEncryptionByDefault(
Consumer applyServerSideEncryptionByDefault) {
return applyServerSideEncryptionByDefault(ServerSideEncryptionByDefault.builder()
.applyMutation(applyServerSideEncryptionByDefault).build());
}
/**
*
* Specifies whether Amazon S3 should use an S3 Bucket Key with server-side encryption using KMS (SSE-KMS) for
* new objects in the bucket. Existing objects are not affected. Setting the BucketKeyEnabled
* element to true causes Amazon S3 to use an S3 Bucket Key.
*
*
*
* -
*
* General purpose buckets - By default, S3 Bucket Key is not enabled. For more information, see Amazon S3 Bucket Keys in the
* Amazon S3 User Guide.
*
*
* -
*
* Directory buckets - S3 Bucket Keys are always enabled for GET and PUT
* operations in a directory bucket and can’t be disabled. S3 Bucket Keys aren't supported, when you copy
* SSE-KMS encrypted objects from general purpose buckets to directory buckets, from directory buckets to
* general purpose buckets, or between directory buckets, through CopyObject, UploadPartCopy, the Copy
* operation in Batch Operations, or the import jobs. In this
* case, Amazon S3 makes a call to KMS every time a copy request is made for a KMS-encrypted object.
*
*
*
*
*
* @param bucketKeyEnabled
* Specifies whether Amazon S3 should use an S3 Bucket Key with server-side encryption using KMS
* (SSE-KMS) for new objects in the bucket. Existing objects are not affected. Setting the
* BucketKeyEnabled element to true causes Amazon S3 to use an S3 Bucket Key.
*
*
* -
*
* General purpose buckets - By default, S3 Bucket Key is not enabled. For more information, see
* Amazon S3 Bucket Keys in
* the Amazon S3 User Guide.
*
*
* -
*
* Directory buckets - S3 Bucket Keys are always enabled for GET and PUT
* operations in a directory bucket and can’t be disabled. S3 Bucket Keys aren't supported, when you copy
* SSE-KMS encrypted objects from general purpose buckets to directory buckets, from directory buckets to
* general purpose buckets, or between directory buckets, through CopyObject, UploadPartCopy, the
* Copy operation in Batch Operations, or the import jobs. In
* this case, Amazon S3 makes a call to KMS every time a copy request is made for a KMS-encrypted object.
*
*
*
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder bucketKeyEnabled(Boolean bucketKeyEnabled);
}
static final class BuilderImpl implements Builder {
private ServerSideEncryptionByDefault applyServerSideEncryptionByDefault;
private Boolean bucketKeyEnabled;
private BuilderImpl() {
}
private BuilderImpl(ServerSideEncryptionRule model) {
applyServerSideEncryptionByDefault(model.applyServerSideEncryptionByDefault);
bucketKeyEnabled(model.bucketKeyEnabled);
}
public final ServerSideEncryptionByDefault.Builder getApplyServerSideEncryptionByDefault() {
return applyServerSideEncryptionByDefault != null ? applyServerSideEncryptionByDefault.toBuilder() : null;
}
public final void setApplyServerSideEncryptionByDefault(
ServerSideEncryptionByDefault.BuilderImpl applyServerSideEncryptionByDefault) {
this.applyServerSideEncryptionByDefault = applyServerSideEncryptionByDefault != null ? applyServerSideEncryptionByDefault
.build() : null;
}
@Override
public final Builder applyServerSideEncryptionByDefault(ServerSideEncryptionByDefault applyServerSideEncryptionByDefault) {
this.applyServerSideEncryptionByDefault = applyServerSideEncryptionByDefault;
return this;
}
public final Boolean getBucketKeyEnabled() {
return bucketKeyEnabled;
}
public final void setBucketKeyEnabled(Boolean bucketKeyEnabled) {
this.bucketKeyEnabled = bucketKeyEnabled;
}
@Override
public final Builder bucketKeyEnabled(Boolean bucketKeyEnabled) {
this.bucketKeyEnabled = bucketKeyEnabled;
return this;
}
@Override
public ServerSideEncryptionRule build() {
return new ServerSideEncryptionRule(this);
}
@Override
public List> sdkFields() {
return SDK_FIELDS;
}
}
}