package awskms

import (
	_init_ "github.com/aws/aws-cdk-go/awscdk/v2/jsii"
	_jsii_ "github.com/aws/jsii-runtime-go/runtime"

	"github.com/aws/aws-cdk-go/awscdk/v2"
	"github.com/aws/aws-cdk-go/awscdk/v2/awsiam"
	"github.com/aws/aws-cdk-go/awscdk/v2/awskms/internal"
	"github.com/aws/constructs-go/constructs/v10"
)

// Key defines a KMS key.
//
// Every method on this interface is a thin jsii proxy: the call is forwarded
// to the JavaScript implementation of `aws-cdk-lib.aws_kms.Key`, and the
// returned value is whatever that implementation produced.
//
// Example:
//
//	import kms "github.com/aws/aws-cdk-go/awscdk"
//
//	encryptionKey := kms.NewKey(this, jsii.String("Key"), &KeyProps{
//		EnableKeyRotation: jsii.Boolean(true),
//	})
//	table := dynamodb.NewTable(this, jsii.String("MyTable"), &TableProps{
//		PartitionKey: &Attribute{
//			Name: jsii.String("id"),
//			Type: dynamodb.AttributeType_STRING,
//		},
//		Encryption:    dynamodb.TableEncryption_CUSTOMER_MANAGED,
//		EncryptionKey: encryptionKey,
//	})
type Key interface {
	awscdk.Resource
	IKey

	// Env returns the environment (account/region) this resource belongs to.
	//
	// For resources created and managed by the CDK (new class instances such
	// as Role, Bucket, ...) this is always the environment of the owning
	// stack. For imported resources (fromRoleArn, fromBucketName, ...) it may
	// differ from the stack they were imported into.
	Env() *awscdk.ResourceEnvironment
	// KeyArn returns the ARN of the key.
	KeyArn() *string
	// KeyId returns the ID of the key, e.g. 1234abcd-12ab-34cd-56ef-1234567890ab.
	KeyId() *string
	// Node returns the construct tree node.
	Node() constructs.Node
	// PhysicalName returns a string-encoded token that resolves to the physical
	// name handed to the CloudFormation resource.
	//
	// The token resolves to one of:
	//   - a concrete value (e.g. `"my-awesome-bucket"`)
	//   - `undefined`, when CloudFormation should generate a name
	//   - a concrete name generated during synthesis in cross-environment
	//     scenarios.
	PhysicalName() *string
	// Policy returns the optional resource policy document of this key.
	//
	// When present, AddToResourcePolicy edits this document; when absent,
	// AddToResourcePolicy is a no-op (so statements added to an imported key
	// without a policy are silently dropped).
	Policy() awsiam.PolicyDocument
	// Stack returns the stack in which this resource is defined.
	Stack() awscdk.Stack
	// TrustAccountIdentities is an optional switch controlling whether account
	// identities are trusted.
	//
	// When set, grants default to identity policies instead of writing both
	// resource and identity policies, matching the default behaviour of keys
	// created through the API or console.
	TrustAccountIdentities() *bool
	// AddAlias defines a new alias for the key.
	AddAlias(aliasName *string) Alias
	// AddToResourcePolicy adds a statement to the KMS key resource policy.
	//
	// See Policy for the case in which this is a no-op; `allowNoOp` is passed
	// through to the underlying implementation unchanged.
	AddToResourcePolicy(statement awsiam.PolicyStatement, allowNoOp *bool) *awsiam.AddToResourcePolicyResult
	// ApplyRemovalPolicy applies the given removal policy to this resource.
	//
	// The removal policy decides what happens to the resource once it is no
	// longer managed by CloudFormation — because it was removed from the CDK
	// app or because a change forces replacement. It can be deleted
	// (`RemovalPolicy.DESTROY`) or left in the account for later recovery and
	// cleanup (`RemovalPolicy.RETAIN`).
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	GeneratePhysicalName() *string
	// GetResourceArnAttribute returns an environment-sensitive token for the
	// resource's "ARN" attribute (e.g. `bucket.bucketArn`).
	//
	// Normally resolves to `arnAttr`; when the resource is referenced across
	// environments, `arnComponents` is used to synthesize a concrete ARN from
	// the physical name, so `arnComponents` must reference `this.physicalName`.
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	// GetResourceNameAttribute returns an environment-sensitive token for the
	// resource's "name" attribute (e.g. `bucket.bucketName`).
	//
	// Normally resolves to `nameAttr`; across environments it resolves to
	// `this.physicalName`, which is then a concrete name.
	GetResourceNameAttribute(nameAttr *string) *string
	// Grant grants the listed permissions on this key to the given principal.
	//
	// Both the principal's identity policy and the key's resource policy are
	// modified: the default CloudFormation setup for KMS keys requires a
	// non-empty key policy, so identity-only grants would not work.
	Grant(grantee awsiam.IGrantable, actions ...*string) awsiam.Grant
	// GrantAdmin grants key-administration permissions to the given principal.
	//
	// Administrators may manage the key (change permissions, revoke, ...) but
	// are not granted cryptographic use (encrypt, decrypt); keep the two roles
	// separate when handing out permissions.
	GrantAdmin(grantee awsiam.IGrantable) awsiam.Grant
	// GrantDecrypt grants decryption permissions to the given principal.
	GrantDecrypt(grantee awsiam.IGrantable) awsiam.Grant
	// GrantEncrypt grants encryption permissions to the given principal.
	GrantEncrypt(grantee awsiam.IGrantable) awsiam.Grant
	// GrantEncryptDecrypt grants both encryption and decryption permissions to
	// the given principal.
	GrantEncryptDecrypt(grantee awsiam.IGrantable) awsiam.Grant
	// GrantGenerateMac grants MAC-generation permissions to the given principal.
	GrantGenerateMac(grantee awsiam.IGrantable) awsiam.Grant
	// GrantVerifyMac grants MAC-verification permissions to the given principal.
	GrantVerifyMac(grantee awsiam.IGrantable) awsiam.Grant
	// ToString returns a string representation of this construct.
	ToString() *string
}

// jsiiProxy_Key is the jsii proxy struct backing Key.
type jsiiProxy_Key struct {
	internal.Type__awscdkResource
	jsiiProxy_IKey
}

// Env reads the `env` property from the JavaScript side.
func (k *jsiiProxy_Key) Env() *awscdk.ResourceEnvironment {
	var env *awscdk.ResourceEnvironment
	_jsii_.Get(k, "env", &env)
	return env
}

// KeyArn reads the `keyArn` property from the JavaScript side.
func (k *jsiiProxy_Key) KeyArn() *string {
	var arn *string
	_jsii_.Get(k, "keyArn", &arn)
	return arn
}

// KeyId reads the `keyId` property from the JavaScript side.
func (k *jsiiProxy_Key) KeyId() *string {
	var id *string
	_jsii_.Get(k, "keyId", &id)
	return id
}

// Node reads the `node` property from the JavaScript side.
func (k *jsiiProxy_Key) Node() constructs.Node {
	var node constructs.Node
	_jsii_.Get(k, "node", &node)
	return node
}

// PhysicalName reads the `physicalName` property from the JavaScript side.
func (k *jsiiProxy_Key) PhysicalName() *string {
	var name *string
	_jsii_.Get(k, "physicalName", &name)
	return name
}

// Policy reads the `policy` property from the JavaScript side.
func (k *jsiiProxy_Key) Policy() awsiam.PolicyDocument {
	var doc awsiam.PolicyDocument
	_jsii_.Get(k, "policy", &doc)
	return doc
}

// Stack reads the `stack` property from the JavaScript side.
func (k *jsiiProxy_Key) Stack() awscdk.Stack {
	var stack awscdk.Stack
	_jsii_.Get(k, "stack", &stack)
	return stack
}

// TrustAccountIdentities reads the `trustAccountIdentities` property from the
// JavaScript side.
func (k *jsiiProxy_Key) TrustAccountIdentities() *bool {
	var trust *bool
	_jsii_.Get(k, "trustAccountIdentities", &trust)
	return trust
}

// NewKey creates a new `aws-cdk-lib.aws_kms.Key` under `scope` with the given
// `id` and `props`.
//
// Parameter validation failures panic (jsii binding convention); the
// validation rules live in validateNewKeyParameters and are not visible here.
func NewKey(scope constructs.Construct, id *string, props *KeyProps) Key {
	_init_.Initialize()
	if err := validateNewKeyParameters(scope, id, props); err != nil {
		panic(err)
	}
	proxy := &jsiiProxy_Key{}
	_jsii_.Create("aws-cdk-lib.aws_kms.Key", []interface{}{scope, id, props}, proxy)
	return proxy
}

// NewKey_Override initializes `k`, an existing Key value (typically a struct
// embedding the proxy), as a new `aws-cdk-lib.aws_kms.Key` instance.
//
// Unlike NewKey, no parameter validation is performed here.
func NewKey_Override(k Key, scope constructs.Construct, id *string, props *KeyProps) {
	_init_.Initialize()
	_jsii_.Create("aws-cdk-lib.aws_kms.Key", []interface{}{scope, id, props}, k)
}

// Key_FromCfnKey creates a mutable `IKey` based on a low-level `CfnKey`.
//
// This is most useful when combined with the cloudformation-include module.
// This method differs from `fromKeyArn()` in that the `IKey` it returns is
// mutable: calling a mutating method on it, such as
// `IKey.addToResourcePolicy()`, is reflected in the resulting template,
// whereas the same call on an object returned from `fromKeyArn()` has no
// effect.
func Key_FromCfnKey(cfnKey CfnKey) IKey {
	_init_.Initialize()
	if err := validateKey_FromCfnKeyParameters(cfnKey); err != nil {
		panic(err)
	}
	var key IKey
	_jsii_.StaticInvoke("aws-cdk-lib.aws_kms.Key", "fromCfnKey", []interface{}{cfnKey}, &key)
	return key
}

// Key_FromKeyArn imports an externally defined KMS key by its ARN.
//
// The returned object is read-only from the template's point of view: see
// Key_FromCfnKey for the difference.
func Key_FromKeyArn(scope constructs.Construct, id *string, keyArn *string) IKey {
	_init_.Initialize()
	if err := validateKey_FromKeyArnParameters(scope, id, keyArn); err != nil {
		panic(err)
	}
	var key IKey
	_jsii_.StaticInvoke("aws-cdk-lib.aws_kms.Key", "fromKeyArn", []interface{}{scope, id, keyArn}, &key)
	return key
}

// Key_FromLookup imports an existing key by querying the AWS environment this
// stack is deployed to.
//
// Only needed for keys not defined in this CDK application. To share a Key
// between stacks, pass the `Key` object between them and use it as normal;
// and where an interface accepts an `IKey`, `Alias.fromAliasName()` returns
// an alias that extends `IKey`, so this lookup is not required.
//
// Calling this method triggers a lookup when the CDK CLI runs, so values that
// are only available at CloudFormation execution time (Tokens) cannot be used.
//
// The result is cached in `cdk.context.json` and reused on later runs. To
// refresh the lookup, evict the value with the `cdk context` command. See
// https://docs.aws.amazon.com/cdk/latest/guide/context.html for more
// information.
func Key_FromLookup(scope constructs.Construct, id *string, options *KeyLookupOptions) IKey {
	_init_.Initialize()
	if err := validateKey_FromLookupParameters(scope, id, options); err != nil {
		panic(err)
	}
	var key IKey
	_jsii_.StaticInvoke("aws-cdk-lib.aws_kms.Key", "fromLookup", []interface{}{scope, id, options}, &key)
	return key
}

// Key_IsConstruct reports whether `x` is a construct.
//
// Use this instead of `instanceof`: in JavaScript, multiple copies of the
// `constructs` library on disk (symlinked libraries, monorepo tooling) are
// treated as unrelated libraries, so the `Construct` class in one copy is a
// different class from the one in another and `instanceof` becomes
// unreliable. `npm install` does not produce such layouts, but users may.
//
// Returns: true if `x` is an object created from a class extending
// `Construct`.
func Key_IsConstruct(x interface{}) *bool {
	_init_.Initialize()
	if err := validateKey_IsConstructParameters(x); err != nil {
		panic(err)
	}
	var isConstruct *bool
	_jsii_.StaticInvoke("aws-cdk-lib.aws_kms.Key", "isConstruct", []interface{}{x}, &isConstruct)
	return isConstruct
}

// Key_IsOwnedResource returns true if the construct was created by CDK, and
// false otherwise.
func Key_IsOwnedResource(construct constructs.IConstruct) *bool {
	_init_.Initialize()
	if err := validateKey_IsOwnedResourceParameters(construct); err != nil {
		panic(err)
	}
	var owned *bool
	_jsii_.StaticInvoke("aws-cdk-lib.aws_kms.Key", "isOwnedResource", []interface{}{construct}, &owned)
	return owned
}

// Key_IsResource reports whether the given construct is a Resource.
func Key_IsResource(construct constructs.IConstruct) *bool {
	_init_.Initialize()
	if err := validateKey_IsResourceParameters(construct); err != nil {
		panic(err)
	}
	var isResource *bool
	_jsii_.StaticInvoke("aws-cdk-lib.aws_kms.Key", "isResource", []interface{}{construct}, &isResource)
	return isResource
}

// AddAlias forwards to the JavaScript `addAlias` method.
func (k *jsiiProxy_Key) AddAlias(aliasName *string) Alias {
	if err := k.validateAddAliasParameters(aliasName); err != nil {
		panic(err)
	}
	var alias Alias
	_jsii_.Invoke(k, "addAlias", []interface{}{aliasName}, &alias)
	return alias
}

// AddToResourcePolicy forwards to the JavaScript `addToResourcePolicy` method.
//
// Only `statement` is validated locally; `allowNoOp` is passed through as-is.
// Callers that need to know whether the statement actually landed on a policy
// (it will not for a key without a policy document) should inspect the
// returned result rather than assume success.
func (k *jsiiProxy_Key) AddToResourcePolicy(statement awsiam.PolicyStatement, allowNoOp *bool) *awsiam.AddToResourcePolicyResult {
	if err := k.validateAddToResourcePolicyParameters(statement); err != nil {
		panic(err)
	}
	var result *awsiam.AddToResourcePolicyResult
	_jsii_.Invoke(k, "addToResourcePolicy", []interface{}{statement, allowNoOp}, &result)
	return result
}

// ApplyRemovalPolicy forwards to the JavaScript `applyRemovalPolicy` method.
func (k *jsiiProxy_Key) ApplyRemovalPolicy(policy awscdk.RemovalPolicy) {
	if err := k.validateApplyRemovalPolicyParameters(policy); err != nil {
		panic(err)
	}
	_jsii_.InvokeVoid(k, "applyRemovalPolicy", []interface{}{policy})
}

// GeneratePhysicalName forwards to the JavaScript `generatePhysicalName`
// method, which takes no arguments.
func (k *jsiiProxy_Key) GeneratePhysicalName() *string {
	var name *string
	_jsii_.Invoke(k, "generatePhysicalName", nil, &name)
	return name
}

// GetResourceArnAttribute forwards to the JavaScript `getResourceArnAttribute`
// method.
func (k *jsiiProxy_Key) GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string {
	if err := k.validateGetResourceArnAttributeParameters(arnAttr, arnComponents); err != nil {
		panic(err)
	}
	var arn *string
	_jsii_.Invoke(k, "getResourceArnAttribute", []interface{}{arnAttr, arnComponents}, &arn)
	return arn
}

// GetResourceNameAttribute forwards to the JavaScript
// `getResourceNameAttribute` method.
func (k *jsiiProxy_Key) GetResourceNameAttribute(nameAttr *string) *string {
	if err := k.validateGetResourceNameAttributeParameters(nameAttr); err != nil {
		panic(err)
	}
	var name *string
	_jsii_.Invoke(k, "getResourceNameAttribute", []interface{}{nameAttr}, &name)
	return name
}

// Grant forwards to the JavaScript `grant` method.
//
// Only `grantee` is validated locally. The variadic `actions` are appended
// one by one after the grantee so that each `*string` is boxed individually
// into the argument list the runtime expects.
func (k *jsiiProxy_Key) Grant(grantee awsiam.IGrantable, actions ...*string) awsiam.Grant {
	if err := k.validateGrantParameters(grantee); err != nil {
		panic(err)
	}
	args := make([]interface{}, 0, 1+len(actions))
	args = append(args, grantee)
	for _, action := range actions {
		args = append(args, action)
	}
	var grant awsiam.Grant
	_jsii_.Invoke(k, "grant", args, &grant)
	return grant
}

// GrantAdmin forwards to the JavaScript `grantAdmin` method.
func (k *jsiiProxy_Key) GrantAdmin(grantee awsiam.IGrantable) awsiam.Grant {
	if err := k.validateGrantAdminParameters(grantee); err != nil {
		panic(err)
	}
	var grant awsiam.Grant
	_jsii_.Invoke(k, "grantAdmin", []interface{}{grantee}, &grant)
	return grant
}

// GrantDecrypt forwards to the JavaScript `grantDecrypt` method.
func (k *jsiiProxy_Key) GrantDecrypt(grantee awsiam.IGrantable) awsiam.Grant {
	if err := k.validateGrantDecryptParameters(grantee); err != nil {
		panic(err)
	}
	var grant awsiam.Grant
	_jsii_.Invoke(k, "grantDecrypt", []interface{}{grantee}, &grant)
	return grant
}

// GrantEncrypt forwards to the JavaScript `grantEncrypt` method.
func (k *jsiiProxy_Key) GrantEncrypt(grantee awsiam.IGrantable) awsiam.Grant {
	if err := k.validateGrantEncryptParameters(grantee); err != nil {
		panic(err)
	}
	var grant awsiam.Grant
	_jsii_.Invoke(k, "grantEncrypt", []interface{}{grantee}, &grant)
	return grant
}

// GrantEncryptDecrypt forwards to the JavaScript `grantEncryptDecrypt` method.
func (k *jsiiProxy_Key) GrantEncryptDecrypt(grantee awsiam.IGrantable) awsiam.Grant {
	if err := k.validateGrantEncryptDecryptParameters(grantee); err != nil {
		panic(err)
	}
	var grant awsiam.Grant
	_jsii_.Invoke(k, "grantEncryptDecrypt", []interface{}{grantee}, &grant)
	return grant
}

// GrantGenerateMac forwards to the JavaScript `grantGenerateMac` method.
func (k *jsiiProxy_Key) GrantGenerateMac(grantee awsiam.IGrantable) awsiam.Grant {
	if err := k.validateGrantGenerateMacParameters(grantee); err != nil {
		panic(err)
	}
	var grant awsiam.Grant
	_jsii_.Invoke(k, "grantGenerateMac", []interface{}{grantee}, &grant)
	return grant
}

// GrantVerifyMac forwards to the JavaScript `grantVerifyMac` method.
func (k *jsiiProxy_Key) GrantVerifyMac(grantee awsiam.IGrantable) awsiam.Grant {
	if err := k.validateGrantVerifyMacParameters(grantee); err != nil {
		panic(err)
	}
	var grant awsiam.Grant
	_jsii_.Invoke(k, "grantVerifyMac", []interface{}{grantee}, &grant)
	return grant
}

// ToString forwards to the JavaScript `toString` method, which takes no
// arguments.
func (k *jsiiProxy_Key) ToString() *string {
	var s *string
	_jsii_.Invoke(k, "toString", nil, &s)
	return s
}