{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.CloudTrail.Types.EventSelector
-- Copyright   : (c) 2013-2021 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
module Amazonka.CloudTrail.Types.EventSelector where

import Amazonka.CloudTrail.Types.DataResource
import Amazonka.CloudTrail.Types.ReadWriteType
import qualified Amazonka.Core as Core
import qualified Amazonka.Lens as Lens
import qualified Amazonka.Prelude as Prelude

-- | Use event selectors to further specify the management and data event
-- settings for your trail. By default, trails created without specific
-- event selectors will be configured to log all read and write management
-- events, and no data events. When an event occurs in your account,
-- CloudTrail evaluates the event selector for all trails. For each trail,
-- if the event matches any event selector, the trail processes and logs
-- the event. If the event doesn\'t match any event selector, the trail
-- doesn\'t log the event.
--
-- You can configure up to five event selectors for a trail.
--
-- You cannot apply both event selectors and advanced event selectors to a
-- trail.
--
-- /See:/ 'newEventSelector' smart constructor.
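data EventSelector = EventSelector'
  { -- | CloudTrail supports data event logging for Amazon S3 objects, Lambda
    -- functions, and Amazon DynamoDB tables with basic event selectors. You
    -- can specify up to 250 resources for an individual event selector, but
    -- the total number of data resources cannot exceed 250 across all event
    -- selectors in a trail. This limit does not apply if you configure
    -- resource logging for all data events.
    --
    -- For more information, see
    -- <https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-and-data-events-with-cloudtrail.html#logging-data-events Data Events>
    -- and
    -- <https://docs.aws.amazon.com/awscloudtrail/latest/userguide/WhatIsCloudTrail-Limits.html Limits in CloudTrail>
    -- in the /CloudTrail User Guide/.
    --
    -- Audit coverage: per the type-level description, a trail logs no data
    -- events unless a selector asks for them, so the resources listed here
    -- decide which S3, Lambda and DynamoDB data events this selector
    -- captures.
    dataResources :: Prelude.Maybe [DataResource],
    -- | Specify if you want your trail to log read-only events, write-only
    -- events, or all. For example, the EC2 @GetConsoleOutput@ is a read-only
    -- API operation and @RunInstances@ is a write-only API operation.
    --
    -- By default, the value is @All@.
    --
    -- Audit coverage: a read-only or write-only value narrows the selector;
    -- events of the other kind are not matched by it.
    readWriteType :: Prelude.Maybe ReadWriteType,
    -- | An optional list of service event sources from which you do not want
    -- management events to be logged on your trail. In this release, the list
    -- can be empty (disables the filter), or it can filter out Key Management
    -- Service or Amazon RDS Data API events by containing @kms.amazonaws.com@
    -- or @rdsdata.amazonaws.com@. By default, @ExcludeManagementEventSources@
    -- is empty, and KMS and Amazon RDS Data API events are logged to your
    -- trail.
    --
    -- Audit coverage: a source listed here is dropped from the management
    -- events of this trail, so reviews and detections that rely on KMS or
    -- RDS Data API activity need another trail or selector that still
    -- records it.
    excludeManagementEventSources :: Prelude.Maybe [Prelude.Text],
    -- | Specify if you want your event selector to include management events for
    -- your trail.
    --
    -- For more information, see
    -- <https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-and-data-events-with-cloudtrail.html#logging-management-events Management Events>
    -- in the /CloudTrail User Guide/.
    --
    -- By default, the value is @true@.
    --
    -- The first copy of management events is free. You are charged for
    -- additional copies of management events that you are logging on any
    -- subsequent trail in the same region. For more information about
    -- CloudTrail pricing, see
    -- <http://aws.amazon.com/cloudtrail/pricing/ CloudTrail Pricing>.
    --
    -- Audit coverage: @false@ means this selector does not match management
    -- events; check that another selector or trail still records them
    -- before relying on the trail for auditing management operations.
    includeManagementEvents :: Prelude.Maybe Prelude.Bool
  }
  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)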

-- |
-- Create a value of 'EventSelector' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'dataResources', 'eventSelector_dataResources' - CloudTrail supports data event logging for Amazon S3 objects, Lambda
-- functions, and Amazon DynamoDB tables with basic event selectors. You
-- can specify up to 250 resources for an individual event selector, but
-- the total number of data resources cannot exceed 250 across all event
-- selectors in a trail. This limit does not apply if you configure
-- resource logging for all data events.
--
-- For more information, see
-- <https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-and-data-events-with-cloudtrail.html#logging-data-events Data Events>
-- and
-- <https://docs.aws.amazon.com/awscloudtrail/latest/userguide/WhatIsCloudTrail-Limits.html Limits in CloudTrail>
-- in the /CloudTrail User Guide/.
--
-- 'readWriteType', 'eventSelector_readWriteType' - Specify if you want your trail to log read-only events, write-only
-- events, or all. For example, the EC2 @GetConsoleOutput@ is a read-only
-- API operation and @RunInstances@ is a write-only API operation.
--
-- By default, the value is @All@.
--
-- 'excludeManagementEventSources', 'eventSelector_excludeManagementEventSources' - An optional list of service event sources from which you do not want
-- management events to be logged on your trail. In this release, the list
-- can be empty (disables the filter), or it can filter out Key Management
-- Service or Amazon RDS Data API events by containing @kms.amazonaws.com@
-- or @rdsdata.amazonaws.com@. By default, @ExcludeManagementEventSources@
-- is empty, and KMS and Amazon RDS Data API events are logged to your
-- trail.
--
-- 'includeManagementEvents', 'eventSelector_includeManagementEvents' - Specify if you want your event selector to include management events for
-- your trail.
--
-- For more information, see
-- <https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-and-data-events-with-cloudtrail.html#logging-management-events Management Events>
-- in the /CloudTrail User Guide/.
--
-- By default, the value is @true@.
--
-- The first copy of management events is free. You are charged for
-- additional copies of management events that you are logging on any
-- subsequent trail in the same region. For more information about
-- CloudTrail pricing, see
-- <http://aws.amazon.com/cloudtrail/pricing/ CloudTrail Pricing>.
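newEventSelector ::
  EventSelector
newEventSelector =
  -- Every field starts as 'Prelude.Nothing'. The 'Core.ToJSON' instance in
  -- this module leaves such fields out of the request body, so the defaults
  -- described in the field documentation (read/write type @All@, management
  -- events included, no excluded sources) are whatever the service applies
  -- when the key is absent.
  EventSelector'
    { dataResources = Prelude.Nothing,
      readWriteType = Prelude.Nothing,
      excludeManagementEventSources = Prelude.Nothing,
      includeManagementEvents = Prelude.Nothing
    }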

-- | CloudTrail supports data event logging for Amazon S3 objects, Lambda
-- functions, and Amazon DynamoDB tables with basic event selectors. You
-- can specify up to 250 resources for an individual event selector, but
-- the total number of data resources cannot exceed 250 across all event
-- selectors in a trail. This limit does not apply if you configure
-- resource logging for all data events.
--
-- For more information, see
-- <https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-and-data-events-with-cloudtrail.html#logging-data-events Data Events>
-- and
-- <https://docs.aws.amazon.com/awscloudtrail/latest/userguide/WhatIsCloudTrail-Limits.html Limits in CloudTrail>
-- in the /CloudTrail User Guide/.
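eventSelector_dataResources :: Lens.Lens' EventSelector (Prelude.Maybe [DataResource])
-- The getter reads the 'dataResources' field and the setter replaces it; the
-- @:: EventSelector@ annotation on the record update picks the record type,
-- which DuplicateRecordFields requires. 'Lens.mapping' 'Lens.coerced' lifts a
-- coercion over the 'Prelude.Maybe'; at this field both sides are
-- @[DataResource]@, so it does not change the value.
eventSelector_dataResources =
  Lens.lens
    (\EventSelector' {dataResources} -> dataResources)
    (\s@EventSelector' {} a -> s {dataResources = a} :: EventSelector)
    Prelude.. Lens.mapping Lens.coerced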

-- | Specify if you want your trail to log read-only events, write-only
-- events, or all. For example, the EC2 @GetConsoleOutput@ is a read-only
-- API operation and @RunInstances@ is a write-only API operation.
--
-- By default, the value is @All@.
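eventSelector_readWriteType :: Lens.Lens' EventSelector (Prelude.Maybe ReadWriteType)
-- The getter reads the 'readWriteType' field and the setter replaces it; the
-- @:: EventSelector@ annotation on the record update picks the record type,
-- which DuplicateRecordFields requires.
eventSelector_readWriteType =
  Lens.lens
    (\EventSelector' {readWriteType} -> readWriteType)
    (\s@EventSelector' {} a -> s {readWriteType = a} :: EventSelector)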

-- | An optional list of service event sources from which you do not want
-- management events to be logged on your trail. In this release, the list
-- can be empty (disables the filter), or it can filter out Key Management
-- Service or Amazon RDS Data API events by containing @kms.amazonaws.com@
-- or @rdsdata.amazonaws.com@. By default, @ExcludeManagementEventSources@
-- is empty, and KMS and Amazon RDS Data API events are logged to your
-- trail.
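eventSelector_excludeManagementEventSources :: Lens.Lens' EventSelector (Prelude.Maybe [Prelude.Text])
-- The getter reads the 'excludeManagementEventSources' field and the setter
-- replaces it. 'Lens.mapping' 'Lens.coerced' lifts a coercion over the
-- 'Prelude.Maybe'; at this field both sides are @[Text]@, so it does not
-- change the value. Nothing here checks the strings that are set: the
-- allowed source names in the field documentation are not validated on the
-- client side by this lens.
eventSelector_excludeManagementEventSources =
  Lens.lens
    (\EventSelector' {excludeManagementEventSources} -> excludeManagementEventSources)
    (\s@EventSelector' {} a -> s {excludeManagementEventSources = a} :: EventSelector)
    Prelude.. Lens.mapping Lens.coerced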

-- | Specify if you want your event selector to include management events for
-- your trail.
--
-- For more information, see
-- <https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-and-data-events-with-cloudtrail.html#logging-management-events Management Events>
-- in the /CloudTrail User Guide/.
--
-- By default, the value is @true@.
--
-- The first copy of management events is free. You are charged for
-- additional copies of management events that you are logging on any
-- subsequent trail in the same region. For more information about
-- CloudTrail pricing, see
-- <http://aws.amazon.com/cloudtrail/pricing/ CloudTrail Pricing>.
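eventSelector_includeManagementEvents :: Lens.Lens' EventSelector (Prelude.Maybe Prelude.Bool)
-- The getter reads the 'includeManagementEvents' field and the setter
-- replaces it; the @:: EventSelector@ annotation on the record update picks
-- the record type, which DuplicateRecordFields requires.
eventSelector_includeManagementEvents =
  Lens.lens
    (\EventSelector' {includeManagementEvents} -> includeManagementEvents)
    (\s@EventSelector' {} a -> s {includeManagementEvents = a} :: EventSelector)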

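-- Decodes an 'EventSelector' from a JSON object. All four keys are looked up
-- with the optional-key operator, so a response that omits a key yields
-- 'Prelude.Nothing' for that field. For the two list fields the fallback is
-- 'Prelude.mempty' at type @Maybe [..]@, which is also 'Prelude.Nothing'.
--
-- The parser does no limit or membership checks (for example the 250-resource
-- limit or the allowed excluded sources from the field documentation);
-- presumably those are enforced by the service rather than here.
instance Core.FromJSON EventSelector where
  parseJSON =
    Core.withObject
      "EventSelector"
      ( \x ->
          -- Argument order must match the field order of 'EventSelector''.
          EventSelector'
            Prelude.<$> (x Core..:? "DataResources" Core..!= Prelude.mempty)
            Prelude.<*> (x Core..:? "ReadWriteType")
            Prelude.<*> ( x Core..:? "ExcludeManagementEventSources"
                            Core..!= Prelude.mempty
                        )
            Prelude.<*> (x Core..:? "IncludeManagementEvents")
      )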

-- No methods are given, so the class defaults apply; presumably these are the
-- Generic-based defaults, using the 'Prelude.Generic' instance derived on
-- 'EventSelector' (confirm against "Amazonka.Prelude").
instance Prelude.Hashable EventSelector

-- Same pattern as the 'Prelude.Hashable' instance: class defaults only.
instance Prelude.NFData EventSelector

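-- Encodes an 'EventSelector' as a JSON object. Each field that is
-- 'Prelude.Nothing' is dropped by 'Prelude.catMaybes' instead of being sent as
-- @null@, so an unset field leaves the matching key out of the request and
-- the service-side default applies. A field set to an explicit value,
-- including an empty list or @False@, is sent as given.
instance Core.ToJSON EventSelector where
  toJSON EventSelector' {..} =
    Core.object
      ( Prelude.catMaybes
          [ ("DataResources" Core..=) Prelude.<$> dataResources,
            ("ReadWriteType" Core..=) Prelude.<$> readWriteType,
            ("ExcludeManagementEventSources" Core..=)
              Prelude.<$> excludeManagementEventSources,
            ("IncludeManagementEvents" Core..=)
              Prelude.<$> includeManagementEvents
          ]
      )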