{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.ECS.Types.KernelCapabilities
-- Copyright   : (c) 2013-2021 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
module Amazonka.ECS.Types.KernelCapabilities where

import qualified Amazonka.Core as Core
import qualified Amazonka.Lens as Lens
import qualified Amazonka.Prelude as Prelude

-- | The Linux capabilities for the container that are added to or dropped
-- from the default configuration provided by Docker. For more information
-- on the default capabilities and the non-default available capabilities,
-- see
-- <https://docs.docker.com/engine/reference/run/#runtime-privilege-and-linux-capabilities Runtime privilege and Linux capabilities>
-- in the /Docker run reference/. For more detailed information on these
-- Linux capabilities, see the
-- <http://man7.org/linux/man-pages/man7/capabilities.7.html capabilities(7)>
-- Linux manual page.
--
-- /See:/ 'newKernelCapabilities' smart constructor.
data KernelCapabilities = KernelCapabilities'
  { -- | The Linux capabilities for the container that have been removed from the
    -- default configuration provided by Docker. This parameter maps to
    -- @CapDrop@ in the
    -- <https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate Create a container>
    -- section of the
    -- <https://docs.docker.com/engine/api/v1.35/ Docker Remote API> and the
    -- @--cap-drop@ option to
    -- <https://docs.docker.com/engine/reference/run/#security-configuration docker run>.
    --
    -- Valid values:
    -- @\"ALL\" | \"AUDIT_CONTROL\" | \"AUDIT_WRITE\" | \"BLOCK_SUSPEND\" | \"CHOWN\" | \"DAC_OVERRIDE\" | \"DAC_READ_SEARCH\" | \"FOWNER\" | \"FSETID\" | \"IPC_LOCK\" | \"IPC_OWNER\" | \"KILL\" | \"LEASE\" | \"LINUX_IMMUTABLE\" | \"MAC_ADMIN\" | \"MAC_OVERRIDE\" | \"MKNOD\" | \"NET_ADMIN\" | \"NET_BIND_SERVICE\" | \"NET_BROADCAST\" | \"NET_RAW\" | \"SETFCAP\" | \"SETGID\" | \"SETPCAP\" | \"SETUID\" | \"SYS_ADMIN\" | \"SYS_BOOT\" | \"SYS_CHROOT\" | \"SYS_MODULE\" | \"SYS_NICE\" | \"SYS_PACCT\" | \"SYS_PTRACE\" | \"SYS_RAWIO\" | \"SYS_RESOURCE\" | \"SYS_TIME\" | \"SYS_TTY_CONFIG\" | \"SYSLOG\" | \"WAKE_ALARM\"@
    KernelCapabilities -> Maybe [Text]
drop :: Prelude.Maybe [Prelude.Text],
    -- | The Linux capabilities for the container that have been added to the
    -- default configuration provided by Docker. This parameter maps to
    -- @CapAdd@ in the
    -- <https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate Create a container>
    -- section of the
    -- <https://docs.docker.com/engine/api/v1.35/ Docker Remote API> and the
    -- @--cap-add@ option to
    -- <https://docs.docker.com/engine/reference/run/#security-configuration docker run>.
    --
    -- Tasks launched on Fargate only support adding the @SYS_PTRACE@ kernel
    -- capability.
    --
    -- Valid values:
    -- @\"ALL\" | \"AUDIT_CONTROL\" | \"AUDIT_WRITE\" | \"BLOCK_SUSPEND\" | \"CHOWN\" | \"DAC_OVERRIDE\" | \"DAC_READ_SEARCH\" | \"FOWNER\" | \"FSETID\" | \"IPC_LOCK\" | \"IPC_OWNER\" | \"KILL\" | \"LEASE\" | \"LINUX_IMMUTABLE\" | \"MAC_ADMIN\" | \"MAC_OVERRIDE\" | \"MKNOD\" | \"NET_ADMIN\" | \"NET_BIND_SERVICE\" | \"NET_BROADCAST\" | \"NET_RAW\" | \"SETFCAP\" | \"SETGID\" | \"SETPCAP\" | \"SETUID\" | \"SYS_ADMIN\" | \"SYS_BOOT\" | \"SYS_CHROOT\" | \"SYS_MODULE\" | \"SYS_NICE\" | \"SYS_PACCT\" | \"SYS_PTRACE\" | \"SYS_RAWIO\" | \"SYS_RESOURCE\" | \"SYS_TIME\" | \"SYS_TTY_CONFIG\" | \"SYSLOG\" | \"WAKE_ALARM\"@
    KernelCapabilities -> Maybe [Text]
add :: Prelude.Maybe [Prelude.Text]
  }
  deriving (KernelCapabilities -> KernelCapabilities -> Bool
(KernelCapabilities -> KernelCapabilities -> Bool)
-> (KernelCapabilities -> KernelCapabilities -> Bool)
-> Eq KernelCapabilities
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: KernelCapabilities -> KernelCapabilities -> Bool
$c/= :: KernelCapabilities -> KernelCapabilities -> Bool
== :: KernelCapabilities -> KernelCapabilities -> Bool
$c== :: KernelCapabilities -> KernelCapabilities -> Bool
Prelude.Eq, ReadPrec [KernelCapabilities]
ReadPrec KernelCapabilities
Int -> ReadS KernelCapabilities
ReadS [KernelCapabilities]
(Int -> ReadS KernelCapabilities)
-> ReadS [KernelCapabilities]
-> ReadPrec KernelCapabilities
-> ReadPrec [KernelCapabilities]
-> Read KernelCapabilities
forall a.
(Int -> ReadS a)
-> ReadS [a] -> ReadPrec a -> ReadPrec [a] -> Read a
readListPrec :: ReadPrec [KernelCapabilities]
$creadListPrec :: ReadPrec [KernelCapabilities]
readPrec :: ReadPrec KernelCapabilities
$creadPrec :: ReadPrec KernelCapabilities
readList :: ReadS [KernelCapabilities]
$creadList :: ReadS [KernelCapabilities]
readsPrec :: Int -> ReadS KernelCapabilities
$creadsPrec :: Int -> ReadS KernelCapabilities
Prelude.Read, Int -> KernelCapabilities -> ShowS
[KernelCapabilities] -> ShowS
KernelCapabilities -> String
(Int -> KernelCapabilities -> ShowS)
-> (KernelCapabilities -> String)
-> ([KernelCapabilities] -> ShowS)
-> Show KernelCapabilities
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [KernelCapabilities] -> ShowS
$cshowList :: [KernelCapabilities] -> ShowS
show :: KernelCapabilities -> String
$cshow :: KernelCapabilities -> String
showsPrec :: Int -> KernelCapabilities -> ShowS
$cshowsPrec :: Int -> KernelCapabilities -> ShowS
Prelude.Show, (forall x. KernelCapabilities -> Rep KernelCapabilities x)
-> (forall x. Rep KernelCapabilities x -> KernelCapabilities)
-> Generic KernelCapabilities
forall x. Rep KernelCapabilities x -> KernelCapabilities
forall x. KernelCapabilities -> Rep KernelCapabilities x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x. Rep KernelCapabilities x -> KernelCapabilities
$cfrom :: forall x. KernelCapabilities -> Rep KernelCapabilities x
Prelude.Generic)

-- |
-- Create a value of 'KernelCapabilities' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'drop', 'kernelCapabilities_drop' - The Linux capabilities for the container that have been removed from the
-- default configuration provided by Docker. This parameter maps to
-- @CapDrop@ in the
-- <https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate Create a container>
-- section of the
-- <https://docs.docker.com/engine/api/v1.35/ Docker Remote API> and the
-- @--cap-drop@ option to
-- <https://docs.docker.com/engine/reference/run/#security-configuration docker run>.
--
-- Valid values:
-- @\"ALL\" | \"AUDIT_CONTROL\" | \"AUDIT_WRITE\" | \"BLOCK_SUSPEND\" | \"CHOWN\" | \"DAC_OVERRIDE\" | \"DAC_READ_SEARCH\" | \"FOWNER\" | \"FSETID\" | \"IPC_LOCK\" | \"IPC_OWNER\" | \"KILL\" | \"LEASE\" | \"LINUX_IMMUTABLE\" | \"MAC_ADMIN\" | \"MAC_OVERRIDE\" | \"MKNOD\" | \"NET_ADMIN\" | \"NET_BIND_SERVICE\" | \"NET_BROADCAST\" | \"NET_RAW\" | \"SETFCAP\" | \"SETGID\" | \"SETPCAP\" | \"SETUID\" | \"SYS_ADMIN\" | \"SYS_BOOT\" | \"SYS_CHROOT\" | \"SYS_MODULE\" | \"SYS_NICE\" | \"SYS_PACCT\" | \"SYS_PTRACE\" | \"SYS_RAWIO\" | \"SYS_RESOURCE\" | \"SYS_TIME\" | \"SYS_TTY_CONFIG\" | \"SYSLOG\" | \"WAKE_ALARM\"@
--
-- 'add', 'kernelCapabilities_add' - The Linux capabilities for the container that have been added to the
-- default configuration provided by Docker. This parameter maps to
-- @CapAdd@ in the
-- <https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate Create a container>
-- section of the
-- <https://docs.docker.com/engine/api/v1.35/ Docker Remote API> and the
-- @--cap-add@ option to
-- <https://docs.docker.com/engine/reference/run/#security-configuration docker run>.
--
-- Tasks launched on Fargate only support adding the @SYS_PTRACE@ kernel
-- capability.
--
-- Valid values:
-- @\"ALL\" | \"AUDIT_CONTROL\" | \"AUDIT_WRITE\" | \"BLOCK_SUSPEND\" | \"CHOWN\" | \"DAC_OVERRIDE\" | \"DAC_READ_SEARCH\" | \"FOWNER\" | \"FSETID\" | \"IPC_LOCK\" | \"IPC_OWNER\" | \"KILL\" | \"LEASE\" | \"LINUX_IMMUTABLE\" | \"MAC_ADMIN\" | \"MAC_OVERRIDE\" | \"MKNOD\" | \"NET_ADMIN\" | \"NET_BIND_SERVICE\" | \"NET_BROADCAST\" | \"NET_RAW\" | \"SETFCAP\" | \"SETGID\" | \"SETPCAP\" | \"SETUID\" | \"SYS_ADMIN\" | \"SYS_BOOT\" | \"SYS_CHROOT\" | \"SYS_MODULE\" | \"SYS_NICE\" | \"SYS_PACCT\" | \"SYS_PTRACE\" | \"SYS_RAWIO\" | \"SYS_RESOURCE\" | \"SYS_TIME\" | \"SYS_TTY_CONFIG\" | \"SYSLOG\" | \"WAKE_ALARM\"@
newKernelCapabilities ::
  KernelCapabilities
newKernelCapabilities :: KernelCapabilities
newKernelCapabilities =
  KernelCapabilities' :: Maybe [Text] -> Maybe [Text] -> KernelCapabilities
KernelCapabilities'
    { $sel:drop:KernelCapabilities' :: Maybe [Text]
drop = Maybe [Text]
forall a. Maybe a
Prelude.Nothing,
      $sel:add:KernelCapabilities' :: Maybe [Text]
add = Maybe [Text]
forall a. Maybe a
Prelude.Nothing
    }

-- | The Linux capabilities for the container that have been removed from the
-- default configuration provided by Docker. This parameter maps to
-- @CapDrop@ in the
-- <https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate Create a container>
-- section of the
-- <https://docs.docker.com/engine/api/v1.35/ Docker Remote API> and the
-- @--cap-drop@ option to
-- <https://docs.docker.com/engine/reference/run/#security-configuration docker run>.
--
-- Valid values:
-- @\"ALL\" | \"AUDIT_CONTROL\" | \"AUDIT_WRITE\" | \"BLOCK_SUSPEND\" | \"CHOWN\" | \"DAC_OVERRIDE\" | \"DAC_READ_SEARCH\" | \"FOWNER\" | \"FSETID\" | \"IPC_LOCK\" | \"IPC_OWNER\" | \"KILL\" | \"LEASE\" | \"LINUX_IMMUTABLE\" | \"MAC_ADMIN\" | \"MAC_OVERRIDE\" | \"MKNOD\" | \"NET_ADMIN\" | \"NET_BIND_SERVICE\" | \"NET_BROADCAST\" | \"NET_RAW\" | \"SETFCAP\" | \"SETGID\" | \"SETPCAP\" | \"SETUID\" | \"SYS_ADMIN\" | \"SYS_BOOT\" | \"SYS_CHROOT\" | \"SYS_MODULE\" | \"SYS_NICE\" | \"SYS_PACCT\" | \"SYS_PTRACE\" | \"SYS_RAWIO\" | \"SYS_RESOURCE\" | \"SYS_TIME\" | \"SYS_TTY_CONFIG\" | \"SYSLOG\" | \"WAKE_ALARM\"@
kernelCapabilities_drop :: Lens.Lens' KernelCapabilities (Prelude.Maybe [Prelude.Text])
kernelCapabilities_drop :: (Maybe [Text] -> f (Maybe [Text]))
-> KernelCapabilities -> f KernelCapabilities
kernelCapabilities_drop = (KernelCapabilities -> Maybe [Text])
-> (KernelCapabilities -> Maybe [Text] -> KernelCapabilities)
-> Lens
     KernelCapabilities KernelCapabilities (Maybe [Text]) (Maybe [Text])
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\KernelCapabilities' {Maybe [Text]
drop :: Maybe [Text]
$sel:drop:KernelCapabilities' :: KernelCapabilities -> Maybe [Text]
drop} -> Maybe [Text]
drop) (\s :: KernelCapabilities
s@KernelCapabilities' {} Maybe [Text]
a -> KernelCapabilities
s {$sel:drop:KernelCapabilities' :: Maybe [Text]
drop = Maybe [Text]
a} :: KernelCapabilities) ((Maybe [Text] -> f (Maybe [Text]))
 -> KernelCapabilities -> f KernelCapabilities)
-> ((Maybe [Text] -> f (Maybe [Text]))
    -> Maybe [Text] -> f (Maybe [Text]))
-> (Maybe [Text] -> f (Maybe [Text]))
-> KernelCapabilities
-> f KernelCapabilities
forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. AnIso [Text] [Text] [Text] [Text]
-> Iso (Maybe [Text]) (Maybe [Text]) (Maybe [Text]) (Maybe [Text])
forall (f :: * -> *) (g :: * -> *) s t a b.
(Functor f, Functor g) =>
AnIso s t a b -> Iso (f s) (g t) (f a) (g b)
Lens.mapping AnIso [Text] [Text] [Text] [Text]
forall s t a b. (Coercible s a, Coercible t b) => Iso s t a b
Lens.coerced

-- | The Linux capabilities for the container that have been added to the
-- default configuration provided by Docker. This parameter maps to
-- @CapAdd@ in the
-- <https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate Create a container>
-- section of the
-- <https://docs.docker.com/engine/api/v1.35/ Docker Remote API> and the
-- @--cap-add@ option to
-- <https://docs.docker.com/engine/reference/run/#security-configuration docker run>.
--
-- Tasks launched on Fargate only support adding the @SYS_PTRACE@ kernel
-- capability.
--
-- Valid values:
-- @\"ALL\" | \"AUDIT_CONTROL\" | \"AUDIT_WRITE\" | \"BLOCK_SUSPEND\" | \"CHOWN\" | \"DAC_OVERRIDE\" | \"DAC_READ_SEARCH\" | \"FOWNER\" | \"FSETID\" | \"IPC_LOCK\" | \"IPC_OWNER\" | \"KILL\" | \"LEASE\" | \"LINUX_IMMUTABLE\" | \"MAC_ADMIN\" | \"MAC_OVERRIDE\" | \"MKNOD\" | \"NET_ADMIN\" | \"NET_BIND_SERVICE\" | \"NET_BROADCAST\" | \"NET_RAW\" | \"SETFCAP\" | \"SETGID\" | \"SETPCAP\" | \"SETUID\" | \"SYS_ADMIN\" | \"SYS_BOOT\" | \"SYS_CHROOT\" | \"SYS_MODULE\" | \"SYS_NICE\" | \"SYS_PACCT\" | \"SYS_PTRACE\" | \"SYS_RAWIO\" | \"SYS_RESOURCE\" | \"SYS_TIME\" | \"SYS_TTY_CONFIG\" | \"SYSLOG\" | \"WAKE_ALARM\"@
kernelCapabilities_add :: Lens.Lens' KernelCapabilities (Prelude.Maybe [Prelude.Text])
kernelCapabilities_add :: (Maybe [Text] -> f (Maybe [Text]))
-> KernelCapabilities -> f KernelCapabilities
kernelCapabilities_add = (KernelCapabilities -> Maybe [Text])
-> (KernelCapabilities -> Maybe [Text] -> KernelCapabilities)
-> Lens
     KernelCapabilities KernelCapabilities (Maybe [Text]) (Maybe [Text])
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\KernelCapabilities' {Maybe [Text]
add :: Maybe [Text]
$sel:add:KernelCapabilities' :: KernelCapabilities -> Maybe [Text]
add} -> Maybe [Text]
add) (\s :: KernelCapabilities
s@KernelCapabilities' {} Maybe [Text]
a -> KernelCapabilities
s {$sel:add:KernelCapabilities' :: Maybe [Text]
add = Maybe [Text]
a} :: KernelCapabilities) ((Maybe [Text] -> f (Maybe [Text]))
 -> KernelCapabilities -> f KernelCapabilities)
-> ((Maybe [Text] -> f (Maybe [Text]))
    -> Maybe [Text] -> f (Maybe [Text]))
-> (Maybe [Text] -> f (Maybe [Text]))
-> KernelCapabilities
-> f KernelCapabilities
forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. AnIso [Text] [Text] [Text] [Text]
-> Iso (Maybe [Text]) (Maybe [Text]) (Maybe [Text]) (Maybe [Text])
forall (f :: * -> *) (g :: * -> *) s t a b.
(Functor f, Functor g) =>
AnIso s t a b -> Iso (f s) (g t) (f a) (g b)
Lens.mapping AnIso [Text] [Text] [Text] [Text]
forall s t a b. (Coercible s a, Coercible t b) => Iso s t a b
Lens.coerced

instance Core.FromJSON KernelCapabilities where
  parseJSON :: Value -> Parser KernelCapabilities
parseJSON =
    String
-> (Object -> Parser KernelCapabilities)
-> Value
-> Parser KernelCapabilities
forall a. String -> (Object -> Parser a) -> Value -> Parser a
Core.withObject
      String
"KernelCapabilities"
      ( \Object
x ->
          Maybe [Text] -> Maybe [Text] -> KernelCapabilities
KernelCapabilities'
            (Maybe [Text] -> Maybe [Text] -> KernelCapabilities)
-> Parser (Maybe [Text])
-> Parser (Maybe [Text] -> KernelCapabilities)
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> (Object
x Object -> Text -> Parser (Maybe (Maybe [Text]))
forall a. FromJSON a => Object -> Text -> Parser (Maybe a)
Core..:? Text
"drop" Parser (Maybe (Maybe [Text]))
-> Maybe [Text] -> Parser (Maybe [Text])
forall a. Parser (Maybe a) -> a -> Parser a
Core..!= Maybe [Text]
forall a. Monoid a => a
Prelude.mempty)
            Parser (Maybe [Text] -> KernelCapabilities)
-> Parser (Maybe [Text]) -> Parser KernelCapabilities
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x Object -> Text -> Parser (Maybe (Maybe [Text]))
forall a. FromJSON a => Object -> Text -> Parser (Maybe a)
Core..:? Text
"add" Parser (Maybe (Maybe [Text]))
-> Maybe [Text] -> Parser (Maybe [Text])
forall a. Parser (Maybe a) -> a -> Parser a
Core..!= Maybe [Text]
forall a. Monoid a => a
Prelude.mempty)
      )

instance Prelude.Hashable KernelCapabilities

instance Prelude.NFData KernelCapabilities

instance Core.ToJSON KernelCapabilities where
  toJSON :: KernelCapabilities -> Value
toJSON KernelCapabilities' {Maybe [Text]
add :: Maybe [Text]
drop :: Maybe [Text]
$sel:add:KernelCapabilities' :: KernelCapabilities -> Maybe [Text]
$sel:drop:KernelCapabilities' :: KernelCapabilities -> Maybe [Text]
..} =
    [Pair] -> Value
Core.object
      ( [Maybe Pair] -> [Pair]
forall a. [Maybe a] -> [a]
Prelude.catMaybes
          [ (Text
"drop" Text -> [Text] -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..=) ([Text] -> Pair) -> Maybe [Text] -> Maybe Pair
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe [Text]
drop,
            (Text
"add" Text -> [Text] -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..=) ([Text] -> Pair) -> Maybe [Text] -> Maybe Pair
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe [Text]
add
          ]
      )