lib/aliyun_oss/bucket/encryption.ex

defmodule Aliyun.Oss.Bucket.Encryption do
  @moduledoc """
  Bucket operations - Encryption.
  """

  import Aliyun.Oss.Bucket, only: [get_bucket: 4, put_bucket: 5, delete_bucket: 3]
  alias Aliyun.Oss.Config
  alias Aliyun.Oss.Client.{Response, Error}

  @type error() ::
          %Error{body: String.t(), status_code: integer(), parsed_details: map()} | atom()

  @doc """
  GetBucketEncryption - gets the encryption rules configured for a bucket.

  ## Examples

      iex> Aliyun.Oss.Bucket.Encryption.get("some-bucket")
      {:ok, %Aliyun.Oss.Client.Response{
        data: %{
          "ServerSideEncryptionRule" => %{
            "ApplyServerSideEncryptionByDefault" => %{
              "SSEAlgorithm" => "AES256"
            }
          }
        },
        headers: [
          {"Date", "Wed, 05 Dec 2018 02:34:57 GMT"},
          ...
        ]
      }}

  """
  @spec get(Config.t(), String.t()) :: {:error, error()} | {:ok, Response.t()}
  def get(config, bucket) do
    get_bucket(config, bucket, %{}, %{"encryption" => nil})
  end

  @doc """
  PutBucketEncryption - configures encryption rules for a bucket.

  ## Options

  - `:algorithm` - Accept value: `:aes256`, `:kms`, default is `:aes256`
  - `:kms_master_key_id` - Should and only be set if algorithm is `:kms`

  ## Examples

      iex> Aliyun.Oss.Bucket.Encryption.put("some-bucket", algorithm: :aes256)
      {:ok,
      %Aliyun.Oss.Client.Response{
        data: "",
        headers: [
          {"Server", "AliyunOSS"},
          {"Date", "Fri, 11 Jan 2019 05:05:50 GMT"},
          {"Content-Length", "0"},
          {"Connection", "keep-alive"},
          {"x-oss-request-id", "5C0000000000000000000000"},
          {"x-oss-server-time", "63"}
        ]
      }}

  """
  @body_tmpl """
  <?xml version="1.0" encoding="UTF-8"?>
  <ServerSideEncryptionRule>
    <ApplyServerSideEncryptionByDefault>
      <SSEAlgorithm><%= algorithm %></SSEAlgorithm>
      <KMSMasterKeyID><%= kms_master_key_id %></KMSMasterKeyID>
    </ApplyServerSideEncryptionByDefault>
  </ServerSideEncryptionRule>
  """
  @spec put(Config.t(), String.t(), Keyword.t()) ::
          {:error, error()} | {:ok, Aliyun.Oss.Client.Response.t()}
  def put(config, bucket, opts \\ []) do
    {algorithm, kms_master_key_id} =
      case Keyword.get(opts, :algorithm, :aes256) do
        :aes256 -> {"AES256", nil}
        :kms -> {"KMS", Keyword.fetch!(opts, :kms_master_key_id)}
      end

    xml_body =
      EEx.eval_string(
        @body_tmpl,
        algorithm: algorithm,
        kms_master_key_id: kms_master_key_id
      )

    put_bucket(config, bucket, %{}, %{"encryption" => nil}, xml_body)
  end

  @doc """
  DeleteBucketEncryption - deletes encryption rules configured for a bucket.

  ## Examples

      iex> Aliyun.Oss.Bucket.Encryption.delete("some-bucket")
      {:ok,
      %Aliyun.Oss.Client.Response{
        data: "",
        headers: [
          {"Server", "AliyunOSS"},
          {"Date", "Fri, 11 Jan 2019 05:19:45 GMT"},
          {"Content-Length", "0"},
          {"Connection", "keep-alive"},
          {"x-oss-request-id", "5C3000000000000000000000"},
          {"x-oss-server-time", "90"}
        ]
      }}

  """
  @spec delete(Config.t(), String.t()) ::
          {:error, error()} | {:ok, Aliyun.Oss.Client.Response.t()}
  def delete(config, bucket) do
    delete_bucket(config, bucket, %{"encryption" => nil})
  end
end