aws_sdk_kms/operation/re_encrypt/_re_encrypt_input.rs
1// Code generated by software.amazon.smithy.rust.codegen.smithy-rs. DO NOT EDIT.
2#[allow(missing_docs)] // documentation missing in model
3#[non_exhaustive]
4#[derive(::std::clone::Clone, ::std::cmp::PartialEq, ::std::fmt::Debug)]
5pub struct ReEncryptInput {
6 /// <p>Ciphertext of the data to reencrypt.</p>
7 /// <p>This parameter is required in all cases except when <code>DryRun</code> is <code>true</code> and <code>DryRunModifiers</code> is set to <code>IGNORE_CIPHERTEXT</code>.</p>
8 pub ciphertext_blob: ::std::option::Option<::aws_smithy_types::Blob>,
9 /// <p>Specifies the encryption context to use to decrypt the ciphertext. Enter the same encryption context that was used to encrypt the ciphertext.</p>
10 /// <p>An <i>encryption context</i> is a collection of non-secret key-value pairs that represent additional authenticated data. When you use an encryption context to encrypt data, you must specify the same (an exact case-sensitive match) encryption context to decrypt the data. An encryption context is supported only on operations with symmetric encryption KMS keys. On operations with symmetric encryption KMS keys, an encryption context is optional, but it is strongly recommended.</p>
11 /// <p>For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/encrypt_context.html">Encryption context</a> in the <i>Key Management Service Developer Guide</i>.</p>
12 pub source_encryption_context: ::std::option::Option<::std::collections::HashMap<::std::string::String, ::std::string::String>>,
13 /// <p>Specifies the KMS key that KMS will use to decrypt the ciphertext before it is re-encrypted.</p>
14 /// <p>Enter a key ID of the KMS key that was used to encrypt the ciphertext. If you identify a different KMS key, the <code>ReEncrypt</code> operation throws an <code>IncorrectKeyException</code>.</p>
15 /// <p>This parameter is required only when the ciphertext was encrypted under an asymmetric KMS key or when <code>DryRun</code> is <code>true</code> and <code>DryRunModifiers</code> is set to <code>IGNORE_CIPHERTEXT</code>. If you used a symmetric encryption KMS key, KMS can get the KMS key from metadata that it adds to the symmetric ciphertext blob. However, it is always recommended as a best practice. This practice ensures that you use the KMS key that you intend.</p>
16 /// <p>To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with <code>"alias/"</code>. To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.</p>
17 /// <p>For example:</p>
18 /// <ul>
19 /// <li>
20 /// <p>Key ID: <code>1234abcd-12ab-34cd-56ef-1234567890ab</code></p></li>
21 /// <li>
22 /// <p>Key ARN: <code>arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab</code></p></li>
23 /// <li>
24 /// <p>Alias name: <code>alias/ExampleAlias</code></p></li>
25 /// <li>
26 /// <p>Alias ARN: <code>arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias</code></p></li>
27 /// </ul>
28 /// <p>To get the key ID and key ARN for a KMS key, use <code>ListKeys</code> or <code>DescribeKey</code>. To get the alias name and alias ARN, use <code>ListAliases</code>.</p>
29 pub source_key_id: ::std::option::Option<::std::string::String>,
30 /// <p>A unique identifier for the KMS key that is used to reencrypt the data. Specify a symmetric encryption KMS key or an asymmetric KMS key with a <code>KeyUsage</code> value of <code>ENCRYPT_DECRYPT</code>. To find the <code>KeyUsage</code> value of a KMS key, use the <code>DescribeKey</code> operation.</p>
31 /// <p>To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with <code>"alias/"</code>. To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.</p>
32 /// <p>For example:</p>
33 /// <ul>
34 /// <li>
35 /// <p>Key ID: <code>1234abcd-12ab-34cd-56ef-1234567890ab</code></p></li>
36 /// <li>
37 /// <p>Key ARN: <code>arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab</code></p></li>
38 /// <li>
39 /// <p>Alias name: <code>alias/ExampleAlias</code></p></li>
40 /// <li>
41 /// <p>Alias ARN: <code>arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias</code></p></li>
42 /// </ul>
43 /// <p>To get the key ID and key ARN for a KMS key, use <code>ListKeys</code> or <code>DescribeKey</code>. To get the alias name and alias ARN, use <code>ListAliases</code>.</p>
44 pub destination_key_id: ::std::option::Option<::std::string::String>,
45 /// <p>Specifies that encryption context to use when the reencrypting the data.</p><important>
46 /// <p>Do not include confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.</p>
47 /// </important>
48 /// <p>A destination encryption context is valid only when the destination KMS key is a symmetric encryption KMS key. The standard ciphertext format for asymmetric KMS keys does not include fields for metadata.</p>
49 /// <p>An <i>encryption context</i> is a collection of non-secret key-value pairs that represent additional authenticated data. When you use an encryption context to encrypt data, you must specify the same (an exact case-sensitive match) encryption context to decrypt the data. An encryption context is supported only on operations with symmetric encryption KMS keys. On operations with symmetric encryption KMS keys, an encryption context is optional, but it is strongly recommended.</p>
50 /// <p>For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/encrypt_context.html">Encryption context</a> in the <i>Key Management Service Developer Guide</i>.</p>
51 pub destination_encryption_context: ::std::option::Option<::std::collections::HashMap<::std::string::String, ::std::string::String>>,
52 /// <p>Specifies the encryption algorithm that KMS will use to decrypt the ciphertext before it is reencrypted. The default value, <code>SYMMETRIC_DEFAULT</code>, represents the algorithm used for symmetric encryption KMS keys.</p>
53 /// <p>Specify the same algorithm that was used to encrypt the ciphertext. If you specify a different algorithm, the decrypt attempt fails.</p>
54 /// <p>This parameter is required only when the ciphertext was encrypted under an asymmetric KMS key.</p>
55 pub source_encryption_algorithm: ::std::option::Option<crate::types::EncryptionAlgorithmSpec>,
56 /// <p>Specifies the encryption algorithm that KMS will use to reecrypt the data after it has decrypted it. The default value, <code>SYMMETRIC_DEFAULT</code>, represents the encryption algorithm used for symmetric encryption KMS keys.</p>
57 /// <p>This parameter is required only when the destination KMS key is an asymmetric KMS key.</p>
58 pub destination_encryption_algorithm: ::std::option::Option<crate::types::EncryptionAlgorithmSpec>,
59 /// <p>A list of grant tokens.</p>
60 /// <p>Use a grant token when your permission to call this operation comes from a new grant that has not yet achieved <i>eventual consistency</i>. For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token">Grant token</a> and <a href="https://docs.aws.amazon.com/kms/latest/developerguide/using-grant-token.html">Using a grant token</a> in the <i>Key Management Service Developer Guide</i>.</p>
61 pub grant_tokens: ::std::option::Option<::std::vec::Vec<::std::string::String>>,
62 /// <p>Checks if your request will succeed. <code>DryRun</code> is an optional parameter.</p>
63 /// <p>To learn more about how to use this parameter, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/testing-permissions.html">Testing your permissions</a> in the <i>Key Management Service Developer Guide</i>.</p>
64 pub dry_run: ::std::option::Option<bool>,
65 /// <p>Specifies the modifiers to apply to the dry run operation. <code>DryRunModifiers</code> is an optional parameter that only applies when <code>DryRun</code> is set to <code>true</code>.</p>
66 /// <p>When set to <code>IGNORE_CIPHERTEXT</code>, KMS performs only authorization validation without ciphertext validation. This allows you to test permissions without requiring a valid ciphertext blob.</p>
67 /// <p>To learn more about how to use this parameter, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/testing-permissions.html">Testing your permissions</a> in the <i>Key Management Service Developer Guide</i>.</p>
68 pub dry_run_modifiers: ::std::option::Option<::std::vec::Vec<crate::types::DryRunModifierType>>,
69}
70impl ReEncryptInput {
71 /// <p>Ciphertext of the data to reencrypt.</p>
72 /// <p>This parameter is required in all cases except when <code>DryRun</code> is <code>true</code> and <code>DryRunModifiers</code> is set to <code>IGNORE_CIPHERTEXT</code>.</p>
73 pub fn ciphertext_blob(&self) -> ::std::option::Option<&::aws_smithy_types::Blob> {
74 self.ciphertext_blob.as_ref()
75 }
76 /// <p>Specifies the encryption context to use to decrypt the ciphertext. Enter the same encryption context that was used to encrypt the ciphertext.</p>
77 /// <p>An <i>encryption context</i> is a collection of non-secret key-value pairs that represent additional authenticated data. When you use an encryption context to encrypt data, you must specify the same (an exact case-sensitive match) encryption context to decrypt the data. An encryption context is supported only on operations with symmetric encryption KMS keys. On operations with symmetric encryption KMS keys, an encryption context is optional, but it is strongly recommended.</p>
78 /// <p>For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/encrypt_context.html">Encryption context</a> in the <i>Key Management Service Developer Guide</i>.</p>
79 pub fn source_encryption_context(&self) -> ::std::option::Option<&::std::collections::HashMap<::std::string::String, ::std::string::String>> {
80 self.source_encryption_context.as_ref()
81 }
82 /// <p>Specifies the KMS key that KMS will use to decrypt the ciphertext before it is re-encrypted.</p>
83 /// <p>Enter a key ID of the KMS key that was used to encrypt the ciphertext. If you identify a different KMS key, the <code>ReEncrypt</code> operation throws an <code>IncorrectKeyException</code>.</p>
84 /// <p>This parameter is required only when the ciphertext was encrypted under an asymmetric KMS key or when <code>DryRun</code> is <code>true</code> and <code>DryRunModifiers</code> is set to <code>IGNORE_CIPHERTEXT</code>. If you used a symmetric encryption KMS key, KMS can get the KMS key from metadata that it adds to the symmetric ciphertext blob. However, it is always recommended as a best practice. This practice ensures that you use the KMS key that you intend.</p>
85 /// <p>To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with <code>"alias/"</code>. To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.</p>
86 /// <p>For example:</p>
87 /// <ul>
88 /// <li>
89 /// <p>Key ID: <code>1234abcd-12ab-34cd-56ef-1234567890ab</code></p></li>
90 /// <li>
91 /// <p>Key ARN: <code>arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab</code></p></li>
92 /// <li>
93 /// <p>Alias name: <code>alias/ExampleAlias</code></p></li>
94 /// <li>
95 /// <p>Alias ARN: <code>arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias</code></p></li>
96 /// </ul>
97 /// <p>To get the key ID and key ARN for a KMS key, use <code>ListKeys</code> or <code>DescribeKey</code>. To get the alias name and alias ARN, use <code>ListAliases</code>.</p>
98 pub fn source_key_id(&self) -> ::std::option::Option<&str> {
99 self.source_key_id.as_deref()
100 }
101 /// <p>A unique identifier for the KMS key that is used to reencrypt the data. Specify a symmetric encryption KMS key or an asymmetric KMS key with a <code>KeyUsage</code> value of <code>ENCRYPT_DECRYPT</code>. To find the <code>KeyUsage</code> value of a KMS key, use the <code>DescribeKey</code> operation.</p>
102 /// <p>To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with <code>"alias/"</code>. To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.</p>
103 /// <p>For example:</p>
104 /// <ul>
105 /// <li>
106 /// <p>Key ID: <code>1234abcd-12ab-34cd-56ef-1234567890ab</code></p></li>
107 /// <li>
108 /// <p>Key ARN: <code>arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab</code></p></li>
109 /// <li>
110 /// <p>Alias name: <code>alias/ExampleAlias</code></p></li>
111 /// <li>
112 /// <p>Alias ARN: <code>arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias</code></p></li>
113 /// </ul>
114 /// <p>To get the key ID and key ARN for a KMS key, use <code>ListKeys</code> or <code>DescribeKey</code>. To get the alias name and alias ARN, use <code>ListAliases</code>.</p>
115 pub fn destination_key_id(&self) -> ::std::option::Option<&str> {
116 self.destination_key_id.as_deref()
117 }
118 /// <p>Specifies that encryption context to use when the reencrypting the data.</p><important>
119 /// <p>Do not include confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.</p>
120 /// </important>
121 /// <p>A destination encryption context is valid only when the destination KMS key is a symmetric encryption KMS key. The standard ciphertext format for asymmetric KMS keys does not include fields for metadata.</p>
122 /// <p>An <i>encryption context</i> is a collection of non-secret key-value pairs that represent additional authenticated data. When you use an encryption context to encrypt data, you must specify the same (an exact case-sensitive match) encryption context to decrypt the data. An encryption context is supported only on operations with symmetric encryption KMS keys. On operations with symmetric encryption KMS keys, an encryption context is optional, but it is strongly recommended.</p>
123 /// <p>For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/encrypt_context.html">Encryption context</a> in the <i>Key Management Service Developer Guide</i>.</p>
124 pub fn destination_encryption_context(
125 &self,
126 ) -> ::std::option::Option<&::std::collections::HashMap<::std::string::String, ::std::string::String>> {
127 self.destination_encryption_context.as_ref()
128 }
129 /// <p>Specifies the encryption algorithm that KMS will use to decrypt the ciphertext before it is reencrypted. The default value, <code>SYMMETRIC_DEFAULT</code>, represents the algorithm used for symmetric encryption KMS keys.</p>
130 /// <p>Specify the same algorithm that was used to encrypt the ciphertext. If you specify a different algorithm, the decrypt attempt fails.</p>
131 /// <p>This parameter is required only when the ciphertext was encrypted under an asymmetric KMS key.</p>
132 pub fn source_encryption_algorithm(&self) -> ::std::option::Option<&crate::types::EncryptionAlgorithmSpec> {
133 self.source_encryption_algorithm.as_ref()
134 }
135 /// <p>Specifies the encryption algorithm that KMS will use to reecrypt the data after it has decrypted it. The default value, <code>SYMMETRIC_DEFAULT</code>, represents the encryption algorithm used for symmetric encryption KMS keys.</p>
136 /// <p>This parameter is required only when the destination KMS key is an asymmetric KMS key.</p>
137 pub fn destination_encryption_algorithm(&self) -> ::std::option::Option<&crate::types::EncryptionAlgorithmSpec> {
138 self.destination_encryption_algorithm.as_ref()
139 }
140 /// <p>A list of grant tokens.</p>
141 /// <p>Use a grant token when your permission to call this operation comes from a new grant that has not yet achieved <i>eventual consistency</i>. For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token">Grant token</a> and <a href="https://docs.aws.amazon.com/kms/latest/developerguide/using-grant-token.html">Using a grant token</a> in the <i>Key Management Service Developer Guide</i>.</p>
142 ///
143 /// If no value was sent for this field, a default will be set. If you want to determine if no value was sent, use `.grant_tokens.is_none()`.
144 pub fn grant_tokens(&self) -> &[::std::string::String] {
145 self.grant_tokens.as_deref().unwrap_or_default()
146 }
147 /// <p>Checks if your request will succeed. <code>DryRun</code> is an optional parameter.</p>
148 /// <p>To learn more about how to use this parameter, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/testing-permissions.html">Testing your permissions</a> in the <i>Key Management Service Developer Guide</i>.</p>
149 pub fn dry_run(&self) -> ::std::option::Option<bool> {
150 self.dry_run
151 }
152 /// <p>Specifies the modifiers to apply to the dry run operation. <code>DryRunModifiers</code> is an optional parameter that only applies when <code>DryRun</code> is set to <code>true</code>.</p>
153 /// <p>When set to <code>IGNORE_CIPHERTEXT</code>, KMS performs only authorization validation without ciphertext validation. This allows you to test permissions without requiring a valid ciphertext blob.</p>
154 /// <p>To learn more about how to use this parameter, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/testing-permissions.html">Testing your permissions</a> in the <i>Key Management Service Developer Guide</i>.</p>
155 ///
156 /// If no value was sent for this field, a default will be set. If you want to determine if no value was sent, use `.dry_run_modifiers.is_none()`.
157 pub fn dry_run_modifiers(&self) -> &[crate::types::DryRunModifierType] {
158 self.dry_run_modifiers.as_deref().unwrap_or_default()
159 }
160}
161impl ReEncryptInput {
162 /// Creates a new builder-style object to manufacture [`ReEncryptInput`](crate::operation::re_encrypt::ReEncryptInput).
163 pub fn builder() -> crate::operation::re_encrypt::builders::ReEncryptInputBuilder {
164 crate::operation::re_encrypt::builders::ReEncryptInputBuilder::default()
165 }
166}
167
168/// A builder for [`ReEncryptInput`](crate::operation::re_encrypt::ReEncryptInput).
169#[derive(::std::clone::Clone, ::std::cmp::PartialEq, ::std::default::Default, ::std::fmt::Debug)]
170#[non_exhaustive]
171pub struct ReEncryptInputBuilder {
172 pub(crate) ciphertext_blob: ::std::option::Option<::aws_smithy_types::Blob>,
173 pub(crate) source_encryption_context: ::std::option::Option<::std::collections::HashMap<::std::string::String, ::std::string::String>>,
174 pub(crate) source_key_id: ::std::option::Option<::std::string::String>,
175 pub(crate) destination_key_id: ::std::option::Option<::std::string::String>,
176 pub(crate) destination_encryption_context: ::std::option::Option<::std::collections::HashMap<::std::string::String, ::std::string::String>>,
177 pub(crate) source_encryption_algorithm: ::std::option::Option<crate::types::EncryptionAlgorithmSpec>,
178 pub(crate) destination_encryption_algorithm: ::std::option::Option<crate::types::EncryptionAlgorithmSpec>,
179 pub(crate) grant_tokens: ::std::option::Option<::std::vec::Vec<::std::string::String>>,
180 pub(crate) dry_run: ::std::option::Option<bool>,
181 pub(crate) dry_run_modifiers: ::std::option::Option<::std::vec::Vec<crate::types::DryRunModifierType>>,
182}
183impl ReEncryptInputBuilder {
184 /// <p>Ciphertext of the data to reencrypt.</p>
185 /// <p>This parameter is required in all cases except when <code>DryRun</code> is <code>true</code> and <code>DryRunModifiers</code> is set to <code>IGNORE_CIPHERTEXT</code>.</p>
186 pub fn ciphertext_blob(mut self, input: ::aws_smithy_types::Blob) -> Self {
187 self.ciphertext_blob = ::std::option::Option::Some(input);
188 self
189 }
190 /// <p>Ciphertext of the data to reencrypt.</p>
191 /// <p>This parameter is required in all cases except when <code>DryRun</code> is <code>true</code> and <code>DryRunModifiers</code> is set to <code>IGNORE_CIPHERTEXT</code>.</p>
192 pub fn set_ciphertext_blob(mut self, input: ::std::option::Option<::aws_smithy_types::Blob>) -> Self {
193 self.ciphertext_blob = input;
194 self
195 }
196 /// <p>Ciphertext of the data to reencrypt.</p>
197 /// <p>This parameter is required in all cases except when <code>DryRun</code> is <code>true</code> and <code>DryRunModifiers</code> is set to <code>IGNORE_CIPHERTEXT</code>.</p>
198 pub fn get_ciphertext_blob(&self) -> &::std::option::Option<::aws_smithy_types::Blob> {
199 &self.ciphertext_blob
200 }
201 /// Adds a key-value pair to `source_encryption_context`.
202 ///
203 /// To override the contents of this collection use [`set_source_encryption_context`](Self::set_source_encryption_context).
204 ///
205 /// <p>Specifies the encryption context to use to decrypt the ciphertext. Enter the same encryption context that was used to encrypt the ciphertext.</p>
206 /// <p>An <i>encryption context</i> is a collection of non-secret key-value pairs that represent additional authenticated data. When you use an encryption context to encrypt data, you must specify the same (an exact case-sensitive match) encryption context to decrypt the data. An encryption context is supported only on operations with symmetric encryption KMS keys. On operations with symmetric encryption KMS keys, an encryption context is optional, but it is strongly recommended.</p>
207 /// <p>For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/encrypt_context.html">Encryption context</a> in the <i>Key Management Service Developer Guide</i>.</p>
208 pub fn source_encryption_context(
209 mut self,
210 k: impl ::std::convert::Into<::std::string::String>,
211 v: impl ::std::convert::Into<::std::string::String>,
212 ) -> Self {
213 let mut hash_map = self.source_encryption_context.unwrap_or_default();
214 hash_map.insert(k.into(), v.into());
215 self.source_encryption_context = ::std::option::Option::Some(hash_map);
216 self
217 }
218 /// <p>Specifies the encryption context to use to decrypt the ciphertext. Enter the same encryption context that was used to encrypt the ciphertext.</p>
219 /// <p>An <i>encryption context</i> is a collection of non-secret key-value pairs that represent additional authenticated data. When you use an encryption context to encrypt data, you must specify the same (an exact case-sensitive match) encryption context to decrypt the data. An encryption context is supported only on operations with symmetric encryption KMS keys. On operations with symmetric encryption KMS keys, an encryption context is optional, but it is strongly recommended.</p>
220 /// <p>For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/encrypt_context.html">Encryption context</a> in the <i>Key Management Service Developer Guide</i>.</p>
221 pub fn set_source_encryption_context(
222 mut self,
223 input: ::std::option::Option<::std::collections::HashMap<::std::string::String, ::std::string::String>>,
224 ) -> Self {
225 self.source_encryption_context = input;
226 self
227 }
228 /// <p>Specifies the encryption context to use to decrypt the ciphertext. Enter the same encryption context that was used to encrypt the ciphertext.</p>
229 /// <p>An <i>encryption context</i> is a collection of non-secret key-value pairs that represent additional authenticated data. When you use an encryption context to encrypt data, you must specify the same (an exact case-sensitive match) encryption context to decrypt the data. An encryption context is supported only on operations with symmetric encryption KMS keys. On operations with symmetric encryption KMS keys, an encryption context is optional, but it is strongly recommended.</p>
230 /// <p>For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/encrypt_context.html">Encryption context</a> in the <i>Key Management Service Developer Guide</i>.</p>
231 pub fn get_source_encryption_context(&self) -> &::std::option::Option<::std::collections::HashMap<::std::string::String, ::std::string::String>> {
232 &self.source_encryption_context
233 }
234 /// <p>Specifies the KMS key that KMS will use to decrypt the ciphertext before it is re-encrypted.</p>
235 /// <p>Enter a key ID of the KMS key that was used to encrypt the ciphertext. If you identify a different KMS key, the <code>ReEncrypt</code> operation throws an <code>IncorrectKeyException</code>.</p>
236 /// <p>This parameter is required only when the ciphertext was encrypted under an asymmetric KMS key or when <code>DryRun</code> is <code>true</code> and <code>DryRunModifiers</code> is set to <code>IGNORE_CIPHERTEXT</code>. If you used a symmetric encryption KMS key, KMS can get the KMS key from metadata that it adds to the symmetric ciphertext blob. However, it is always recommended as a best practice. This practice ensures that you use the KMS key that you intend.</p>
237 /// <p>To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with <code>"alias/"</code>. To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.</p>
238 /// <p>For example:</p>
239 /// <ul>
240 /// <li>
241 /// <p>Key ID: <code>1234abcd-12ab-34cd-56ef-1234567890ab</code></p></li>
242 /// <li>
243 /// <p>Key ARN: <code>arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab</code></p></li>
244 /// <li>
245 /// <p>Alias name: <code>alias/ExampleAlias</code></p></li>
246 /// <li>
247 /// <p>Alias ARN: <code>arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias</code></p></li>
248 /// </ul>
249 /// <p>To get the key ID and key ARN for a KMS key, use <code>ListKeys</code> or <code>DescribeKey</code>. To get the alias name and alias ARN, use <code>ListAliases</code>.</p>
250 pub fn source_key_id(mut self, input: impl ::std::convert::Into<::std::string::String>) -> Self {
251 self.source_key_id = ::std::option::Option::Some(input.into());
252 self
253 }
254 /// <p>Specifies the KMS key that KMS will use to decrypt the ciphertext before it is re-encrypted.</p>
255 /// <p>Enter a key ID of the KMS key that was used to encrypt the ciphertext. If you identify a different KMS key, the <code>ReEncrypt</code> operation throws an <code>IncorrectKeyException</code>.</p>
256 /// <p>This parameter is required only when the ciphertext was encrypted under an asymmetric KMS key or when <code>DryRun</code> is <code>true</code> and <code>DryRunModifiers</code> is set to <code>IGNORE_CIPHERTEXT</code>. If you used a symmetric encryption KMS key, KMS can get the KMS key from metadata that it adds to the symmetric ciphertext blob. However, it is always recommended as a best practice. This practice ensures that you use the KMS key that you intend.</p>
257 /// <p>To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with <code>"alias/"</code>. To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.</p>
258 /// <p>For example:</p>
259 /// <ul>
260 /// <li>
261 /// <p>Key ID: <code>1234abcd-12ab-34cd-56ef-1234567890ab</code></p></li>
262 /// <li>
263 /// <p>Key ARN: <code>arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab</code></p></li>
264 /// <li>
265 /// <p>Alias name: <code>alias/ExampleAlias</code></p></li>
266 /// <li>
267 /// <p>Alias ARN: <code>arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias</code></p></li>
268 /// </ul>
269 /// <p>To get the key ID and key ARN for a KMS key, use <code>ListKeys</code> or <code>DescribeKey</code>. To get the alias name and alias ARN, use <code>ListAliases</code>.</p>
270 pub fn set_source_key_id(mut self, input: ::std::option::Option<::std::string::String>) -> Self {
271 self.source_key_id = input;
272 self
273 }
274 /// <p>Specifies the KMS key that KMS will use to decrypt the ciphertext before it is re-encrypted.</p>
275 /// <p>Enter a key ID of the KMS key that was used to encrypt the ciphertext. If you identify a different KMS key, the <code>ReEncrypt</code> operation throws an <code>IncorrectKeyException</code>.</p>
276 /// <p>This parameter is required only when the ciphertext was encrypted under an asymmetric KMS key or when <code>DryRun</code> is <code>true</code> and <code>DryRunModifiers</code> is set to <code>IGNORE_CIPHERTEXT</code>. If you used a symmetric encryption KMS key, KMS can get the KMS key from metadata that it adds to the symmetric ciphertext blob. However, it is always recommended as a best practice. This practice ensures that you use the KMS key that you intend.</p>
277 /// <p>To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with <code>"alias/"</code>. To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.</p>
278 /// <p>For example:</p>
279 /// <ul>
280 /// <li>
281 /// <p>Key ID: <code>1234abcd-12ab-34cd-56ef-1234567890ab</code></p></li>
282 /// <li>
283 /// <p>Key ARN: <code>arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab</code></p></li>
284 /// <li>
285 /// <p>Alias name: <code>alias/ExampleAlias</code></p></li>
286 /// <li>
287 /// <p>Alias ARN: <code>arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias</code></p></li>
288 /// </ul>
289 /// <p>To get the key ID and key ARN for a KMS key, use <code>ListKeys</code> or <code>DescribeKey</code>. To get the alias name and alias ARN, use <code>ListAliases</code>.</p>
290 pub fn get_source_key_id(&self) -> &::std::option::Option<::std::string::String> {
291 &self.source_key_id
292 }
293 /// <p>A unique identifier for the KMS key that is used to reencrypt the data. Specify a symmetric encryption KMS key or an asymmetric KMS key with a <code>KeyUsage</code> value of <code>ENCRYPT_DECRYPT</code>. To find the <code>KeyUsage</code> value of a KMS key, use the <code>DescribeKey</code> operation.</p>
294 /// <p>To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with <code>"alias/"</code>. To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.</p>
295 /// <p>For example:</p>
296 /// <ul>
297 /// <li>
298 /// <p>Key ID: <code>1234abcd-12ab-34cd-56ef-1234567890ab</code></p></li>
299 /// <li>
300 /// <p>Key ARN: <code>arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab</code></p></li>
301 /// <li>
302 /// <p>Alias name: <code>alias/ExampleAlias</code></p></li>
303 /// <li>
304 /// <p>Alias ARN: <code>arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias</code></p></li>
305 /// </ul>
306 /// <p>To get the key ID and key ARN for a KMS key, use <code>ListKeys</code> or <code>DescribeKey</code>. To get the alias name and alias ARN, use <code>ListAliases</code>.</p>
307 /// This field is required.
308 pub fn destination_key_id(mut self, input: impl ::std::convert::Into<::std::string::String>) -> Self {
309 self.destination_key_id = ::std::option::Option::Some(input.into());
310 self
311 }
312 /// <p>A unique identifier for the KMS key that is used to reencrypt the data. Specify a symmetric encryption KMS key or an asymmetric KMS key with a <code>KeyUsage</code> value of <code>ENCRYPT_DECRYPT</code>. To find the <code>KeyUsage</code> value of a KMS key, use the <code>DescribeKey</code> operation.</p>
313 /// <p>To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with <code>"alias/"</code>. To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.</p>
314 /// <p>For example:</p>
315 /// <ul>
316 /// <li>
317 /// <p>Key ID: <code>1234abcd-12ab-34cd-56ef-1234567890ab</code></p></li>
318 /// <li>
319 /// <p>Key ARN: <code>arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab</code></p></li>
320 /// <li>
321 /// <p>Alias name: <code>alias/ExampleAlias</code></p></li>
322 /// <li>
323 /// <p>Alias ARN: <code>arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias</code></p></li>
324 /// </ul>
325 /// <p>To get the key ID and key ARN for a KMS key, use <code>ListKeys</code> or <code>DescribeKey</code>. To get the alias name and alias ARN, use <code>ListAliases</code>.</p>
326 pub fn set_destination_key_id(mut self, input: ::std::option::Option<::std::string::String>) -> Self {
327 self.destination_key_id = input;
328 self
329 }
330 /// <p>A unique identifier for the KMS key that is used to reencrypt the data. Specify a symmetric encryption KMS key or an asymmetric KMS key with a <code>KeyUsage</code> value of <code>ENCRYPT_DECRYPT</code>. To find the <code>KeyUsage</code> value of a KMS key, use the <code>DescribeKey</code> operation.</p>
331 /// <p>To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with <code>"alias/"</code>. To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.</p>
332 /// <p>For example:</p>
333 /// <ul>
334 /// <li>
335 /// <p>Key ID: <code>1234abcd-12ab-34cd-56ef-1234567890ab</code></p></li>
336 /// <li>
337 /// <p>Key ARN: <code>arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab</code></p></li>
338 /// <li>
339 /// <p>Alias name: <code>alias/ExampleAlias</code></p></li>
340 /// <li>
341 /// <p>Alias ARN: <code>arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias</code></p></li>
342 /// </ul>
343 /// <p>To get the key ID and key ARN for a KMS key, use <code>ListKeys</code> or <code>DescribeKey</code>. To get the alias name and alias ARN, use <code>ListAliases</code>.</p>
344 pub fn get_destination_key_id(&self) -> &::std::option::Option<::std::string::String> {
345 &self.destination_key_id
346 }
347 /// Adds a key-value pair to `destination_encryption_context`.
348 ///
349 /// To override the contents of this collection use [`set_destination_encryption_context`](Self::set_destination_encryption_context).
350 ///
351 /// <p>Specifies that encryption context to use when the reencrypting the data.</p><important>
352 /// <p>Do not include confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.</p>
353 /// </important>
354 /// <p>A destination encryption context is valid only when the destination KMS key is a symmetric encryption KMS key. The standard ciphertext format for asymmetric KMS keys does not include fields for metadata.</p>
355 /// <p>An <i>encryption context</i> is a collection of non-secret key-value pairs that represent additional authenticated data. When you use an encryption context to encrypt data, you must specify the same (an exact case-sensitive match) encryption context to decrypt the data. An encryption context is supported only on operations with symmetric encryption KMS keys. On operations with symmetric encryption KMS keys, an encryption context is optional, but it is strongly recommended.</p>
356 /// <p>For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/encrypt_context.html">Encryption context</a> in the <i>Key Management Service Developer Guide</i>.</p>
357 pub fn destination_encryption_context(
358 mut self,
359 k: impl ::std::convert::Into<::std::string::String>,
360 v: impl ::std::convert::Into<::std::string::String>,
361 ) -> Self {
362 let mut hash_map = self.destination_encryption_context.unwrap_or_default();
363 hash_map.insert(k.into(), v.into());
364 self.destination_encryption_context = ::std::option::Option::Some(hash_map);
365 self
366 }
367 /// <p>Specifies that encryption context to use when the reencrypting the data.</p><important>
368 /// <p>Do not include confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.</p>
369 /// </important>
370 /// <p>A destination encryption context is valid only when the destination KMS key is a symmetric encryption KMS key. The standard ciphertext format for asymmetric KMS keys does not include fields for metadata.</p>
371 /// <p>An <i>encryption context</i> is a collection of non-secret key-value pairs that represent additional authenticated data. When you use an encryption context to encrypt data, you must specify the same (an exact case-sensitive match) encryption context to decrypt the data. An encryption context is supported only on operations with symmetric encryption KMS keys. On operations with symmetric encryption KMS keys, an encryption context is optional, but it is strongly recommended.</p>
372 /// <p>For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/encrypt_context.html">Encryption context</a> in the <i>Key Management Service Developer Guide</i>.</p>
373 pub fn set_destination_encryption_context(
374 mut self,
375 input: ::std::option::Option<::std::collections::HashMap<::std::string::String, ::std::string::String>>,
376 ) -> Self {
377 self.destination_encryption_context = input;
378 self
379 }
380 /// <p>Specifies that encryption context to use when the reencrypting the data.</p><important>
381 /// <p>Do not include confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.</p>
382 /// </important>
383 /// <p>A destination encryption context is valid only when the destination KMS key is a symmetric encryption KMS key. The standard ciphertext format for asymmetric KMS keys does not include fields for metadata.</p>
384 /// <p>An <i>encryption context</i> is a collection of non-secret key-value pairs that represent additional authenticated data. When you use an encryption context to encrypt data, you must specify the same (an exact case-sensitive match) encryption context to decrypt the data. An encryption context is supported only on operations with symmetric encryption KMS keys. On operations with symmetric encryption KMS keys, an encryption context is optional, but it is strongly recommended.</p>
385 /// <p>For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/encrypt_context.html">Encryption context</a> in the <i>Key Management Service Developer Guide</i>.</p>
386 pub fn get_destination_encryption_context(
387 &self,
388 ) -> &::std::option::Option<::std::collections::HashMap<::std::string::String, ::std::string::String>> {
389 &self.destination_encryption_context
390 }
391 /// <p>Specifies the encryption algorithm that KMS will use to decrypt the ciphertext before it is reencrypted. The default value, <code>SYMMETRIC_DEFAULT</code>, represents the algorithm used for symmetric encryption KMS keys.</p>
392 /// <p>Specify the same algorithm that was used to encrypt the ciphertext. If you specify a different algorithm, the decrypt attempt fails.</p>
393 /// <p>This parameter is required only when the ciphertext was encrypted under an asymmetric KMS key.</p>
394 pub fn source_encryption_algorithm(mut self, input: crate::types::EncryptionAlgorithmSpec) -> Self {
395 self.source_encryption_algorithm = ::std::option::Option::Some(input);
396 self
397 }
398 /// <p>Specifies the encryption algorithm that KMS will use to decrypt the ciphertext before it is reencrypted. The default value, <code>SYMMETRIC_DEFAULT</code>, represents the algorithm used for symmetric encryption KMS keys.</p>
399 /// <p>Specify the same algorithm that was used to encrypt the ciphertext. If you specify a different algorithm, the decrypt attempt fails.</p>
400 /// <p>This parameter is required only when the ciphertext was encrypted under an asymmetric KMS key.</p>
401 pub fn set_source_encryption_algorithm(mut self, input: ::std::option::Option<crate::types::EncryptionAlgorithmSpec>) -> Self {
402 self.source_encryption_algorithm = input;
403 self
404 }
405 /// <p>Specifies the encryption algorithm that KMS will use to decrypt the ciphertext before it is reencrypted. The default value, <code>SYMMETRIC_DEFAULT</code>, represents the algorithm used for symmetric encryption KMS keys.</p>
406 /// <p>Specify the same algorithm that was used to encrypt the ciphertext. If you specify a different algorithm, the decrypt attempt fails.</p>
407 /// <p>This parameter is required only when the ciphertext was encrypted under an asymmetric KMS key.</p>
408 pub fn get_source_encryption_algorithm(&self) -> &::std::option::Option<crate::types::EncryptionAlgorithmSpec> {
409 &self.source_encryption_algorithm
410 }
411 /// <p>Specifies the encryption algorithm that KMS will use to reecrypt the data after it has decrypted it. The default value, <code>SYMMETRIC_DEFAULT</code>, represents the encryption algorithm used for symmetric encryption KMS keys.</p>
412 /// <p>This parameter is required only when the destination KMS key is an asymmetric KMS key.</p>
413 pub fn destination_encryption_algorithm(mut self, input: crate::types::EncryptionAlgorithmSpec) -> Self {
414 self.destination_encryption_algorithm = ::std::option::Option::Some(input);
415 self
416 }
417 /// <p>Specifies the encryption algorithm that KMS will use to reecrypt the data after it has decrypted it. The default value, <code>SYMMETRIC_DEFAULT</code>, represents the encryption algorithm used for symmetric encryption KMS keys.</p>
418 /// <p>This parameter is required only when the destination KMS key is an asymmetric KMS key.</p>
419 pub fn set_destination_encryption_algorithm(mut self, input: ::std::option::Option<crate::types::EncryptionAlgorithmSpec>) -> Self {
420 self.destination_encryption_algorithm = input;
421 self
422 }
423 /// <p>Specifies the encryption algorithm that KMS will use to reecrypt the data after it has decrypted it. The default value, <code>SYMMETRIC_DEFAULT</code>, represents the encryption algorithm used for symmetric encryption KMS keys.</p>
424 /// <p>This parameter is required only when the destination KMS key is an asymmetric KMS key.</p>
425 pub fn get_destination_encryption_algorithm(&self) -> &::std::option::Option<crate::types::EncryptionAlgorithmSpec> {
426 &self.destination_encryption_algorithm
427 }
428 /// Appends an item to `grant_tokens`.
429 ///
430 /// To override the contents of this collection use [`set_grant_tokens`](Self::set_grant_tokens).
431 ///
432 /// <p>A list of grant tokens.</p>
433 /// <p>Use a grant token when your permission to call this operation comes from a new grant that has not yet achieved <i>eventual consistency</i>. For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token">Grant token</a> and <a href="https://docs.aws.amazon.com/kms/latest/developerguide/using-grant-token.html">Using a grant token</a> in the <i>Key Management Service Developer Guide</i>.</p>
434 pub fn grant_tokens(mut self, input: impl ::std::convert::Into<::std::string::String>) -> Self {
435 let mut v = self.grant_tokens.unwrap_or_default();
436 v.push(input.into());
437 self.grant_tokens = ::std::option::Option::Some(v);
438 self
439 }
440 /// <p>A list of grant tokens.</p>
441 /// <p>Use a grant token when your permission to call this operation comes from a new grant that has not yet achieved <i>eventual consistency</i>. For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token">Grant token</a> and <a href="https://docs.aws.amazon.com/kms/latest/developerguide/using-grant-token.html">Using a grant token</a> in the <i>Key Management Service Developer Guide</i>.</p>
442 pub fn set_grant_tokens(mut self, input: ::std::option::Option<::std::vec::Vec<::std::string::String>>) -> Self {
443 self.grant_tokens = input;
444 self
445 }
446 /// <p>A list of grant tokens.</p>
447 /// <p>Use a grant token when your permission to call this operation comes from a new grant that has not yet achieved <i>eventual consistency</i>. For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token">Grant token</a> and <a href="https://docs.aws.amazon.com/kms/latest/developerguide/using-grant-token.html">Using a grant token</a> in the <i>Key Management Service Developer Guide</i>.</p>
448 pub fn get_grant_tokens(&self) -> &::std::option::Option<::std::vec::Vec<::std::string::String>> {
449 &self.grant_tokens
450 }
451 /// <p>Checks if your request will succeed. <code>DryRun</code> is an optional parameter.</p>
452 /// <p>To learn more about how to use this parameter, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/testing-permissions.html">Testing your permissions</a> in the <i>Key Management Service Developer Guide</i>.</p>
453 pub fn dry_run(mut self, input: bool) -> Self {
454 self.dry_run = ::std::option::Option::Some(input);
455 self
456 }
457 /// <p>Checks if your request will succeed. <code>DryRun</code> is an optional parameter.</p>
458 /// <p>To learn more about how to use this parameter, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/testing-permissions.html">Testing your permissions</a> in the <i>Key Management Service Developer Guide</i>.</p>
459 pub fn set_dry_run(mut self, input: ::std::option::Option<bool>) -> Self {
460 self.dry_run = input;
461 self
462 }
463 /// <p>Checks if your request will succeed. <code>DryRun</code> is an optional parameter.</p>
464 /// <p>To learn more about how to use this parameter, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/testing-permissions.html">Testing your permissions</a> in the <i>Key Management Service Developer Guide</i>.</p>
465 pub fn get_dry_run(&self) -> &::std::option::Option<bool> {
466 &self.dry_run
467 }
468 /// Appends an item to `dry_run_modifiers`.
469 ///
470 /// To override the contents of this collection use [`set_dry_run_modifiers`](Self::set_dry_run_modifiers).
471 ///
472 /// <p>Specifies the modifiers to apply to the dry run operation. <code>DryRunModifiers</code> is an optional parameter that only applies when <code>DryRun</code> is set to <code>true</code>.</p>
473 /// <p>When set to <code>IGNORE_CIPHERTEXT</code>, KMS performs only authorization validation without ciphertext validation. This allows you to test permissions without requiring a valid ciphertext blob.</p>
474 /// <p>To learn more about how to use this parameter, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/testing-permissions.html">Testing your permissions</a> in the <i>Key Management Service Developer Guide</i>.</p>
475 pub fn dry_run_modifiers(mut self, input: crate::types::DryRunModifierType) -> Self {
476 let mut v = self.dry_run_modifiers.unwrap_or_default();
477 v.push(input);
478 self.dry_run_modifiers = ::std::option::Option::Some(v);
479 self
480 }
481 /// <p>Specifies the modifiers to apply to the dry run operation. <code>DryRunModifiers</code> is an optional parameter that only applies when <code>DryRun</code> is set to <code>true</code>.</p>
482 /// <p>When set to <code>IGNORE_CIPHERTEXT</code>, KMS performs only authorization validation without ciphertext validation. This allows you to test permissions without requiring a valid ciphertext blob.</p>
483 /// <p>To learn more about how to use this parameter, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/testing-permissions.html">Testing your permissions</a> in the <i>Key Management Service Developer Guide</i>.</p>
484 pub fn set_dry_run_modifiers(mut self, input: ::std::option::Option<::std::vec::Vec<crate::types::DryRunModifierType>>) -> Self {
485 self.dry_run_modifiers = input;
486 self
487 }
488 /// <p>Specifies the modifiers to apply to the dry run operation. <code>DryRunModifiers</code> is an optional parameter that only applies when <code>DryRun</code> is set to <code>true</code>.</p>
489 /// <p>When set to <code>IGNORE_CIPHERTEXT</code>, KMS performs only authorization validation without ciphertext validation. This allows you to test permissions without requiring a valid ciphertext blob.</p>
490 /// <p>To learn more about how to use this parameter, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/testing-permissions.html">Testing your permissions</a> in the <i>Key Management Service Developer Guide</i>.</p>
491 pub fn get_dry_run_modifiers(&self) -> &::std::option::Option<::std::vec::Vec<crate::types::DryRunModifierType>> {
492 &self.dry_run_modifiers
493 }
494 /// Consumes the builder and constructs a [`ReEncryptInput`](crate::operation::re_encrypt::ReEncryptInput).
495 pub fn build(self) -> ::std::result::Result<crate::operation::re_encrypt::ReEncryptInput, ::aws_smithy_types::error::operation::BuildError> {
496 ::std::result::Result::Ok(crate::operation::re_encrypt::ReEncryptInput {
497 ciphertext_blob: self.ciphertext_blob,
498 source_encryption_context: self.source_encryption_context,
499 source_key_id: self.source_key_id,
500 destination_key_id: self.destination_key_id,
501 destination_encryption_context: self.destination_encryption_context,
502 source_encryption_algorithm: self.source_encryption_algorithm,
503 destination_encryption_algorithm: self.destination_encryption_algorithm,
504 grant_tokens: self.grant_tokens,
505 dry_run: self.dry_run,
506 dry_run_modifiers: self.dry_run_modifiers,
507 })
508 }
509}