{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE TypeFamilies #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-binds #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.EFS.PutFileSystemPolicy
-- Copyright   : (c) 2013-2021 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
--
-- Applies an Amazon EFS @FileSystemPolicy@ to an Amazon EFS file system. A
-- file system policy is an IAM resource-based policy and can contain
-- multiple policy statements. A file system always has exactly one file
-- system policy, which can be the default policy or an explicit policy set
-- or updated using this API operation. EFS file system policies have a
-- 20,000 character limit. When an explicit policy is set, it overrides the
-- default policy. For more information about the default file system
-- policy, see
-- <https://docs.aws.amazon.com/efs/latest/ug/iam-access-control-nfs-efs.html#default-filesystempolicy Default EFS File System Policy>.
--
-- EFS file system policies have a 20,000 character limit.
--
-- This operation requires permissions for the
-- @elasticfilesystem:PutFileSystemPolicy@ action.
module Amazonka.EFS.PutFileSystemPolicy
  ( -- * Creating a Request
    PutFileSystemPolicy (..),
    newPutFileSystemPolicy,

    -- * Request Lenses
    putFileSystemPolicy_bypassPolicyLockoutSafetyCheck,
    putFileSystemPolicy_fileSystemId,
    putFileSystemPolicy_policy,

    -- * Destructuring the Response
    FileSystemPolicyDescription (..),
    newFileSystemPolicyDescription,

    -- * Response Lenses
    fileSystemPolicyDescription_fileSystemId,
    fileSystemPolicyDescription_policy,
  )
where

import qualified Amazonka.Core as Core
import Amazonka.EFS.Types
import qualified Amazonka.Lens as Lens
import qualified Amazonka.Prelude as Prelude
import qualified Amazonka.Request as Request
import qualified Amazonka.Response as Response

-- | /See:/ 'newPutFileSystemPolicy' smart constructor.
data PutFileSystemPolicy = PutFileSystemPolicy'
  { -- | (Optional) A flag to indicate whether to bypass the @FileSystemPolicy@
    -- lockout safety check. The policy lockout safety check determines whether
    -- the policy in the request will prevent the principal making the request
    -- will be locked out from making future @PutFileSystemPolicy@ requests on
    -- the file system. Set @BypassPolicyLockoutSafetyCheck@ to @True@ only
    -- when you intend to prevent the principal that is making the request from
    -- making a subsequent @PutFileSystemPolicy@ request on the file system.
    -- The default value is False.
    PutFileSystemPolicy -> Maybe Bool
bypassPolicyLockoutSafetyCheck :: Prelude.Maybe Prelude.Bool,
    -- | The ID of the EFS file system that you want to create or update the
    -- @FileSystemPolicy@ for.
    PutFileSystemPolicy -> Text
fileSystemId :: Prelude.Text,
    -- | The @FileSystemPolicy@ that you\'re creating. Accepts a JSON formatted
    -- policy definition. EFS file system policies have a 20,000 character
    -- limit. To find out more about the elements that make up a file system
    -- policy, see
    -- <https://docs.aws.amazon.com/efs/latest/ug/access-control-overview.html#access-control-manage-access-intro-resource-policies EFS Resource-based Policies>.
    PutFileSystemPolicy -> Text
policy :: Prelude.Text
  }
  deriving (PutFileSystemPolicy -> PutFileSystemPolicy -> Bool
(PutFileSystemPolicy -> PutFileSystemPolicy -> Bool)
-> (PutFileSystemPolicy -> PutFileSystemPolicy -> Bool)
-> Eq PutFileSystemPolicy
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: PutFileSystemPolicy -> PutFileSystemPolicy -> Bool
$c/= :: PutFileSystemPolicy -> PutFileSystemPolicy -> Bool
== :: PutFileSystemPolicy -> PutFileSystemPolicy -> Bool
$c== :: PutFileSystemPolicy -> PutFileSystemPolicy -> Bool
Prelude.Eq, ReadPrec [PutFileSystemPolicy]
ReadPrec PutFileSystemPolicy
Int -> ReadS PutFileSystemPolicy
ReadS [PutFileSystemPolicy]
(Int -> ReadS PutFileSystemPolicy)
-> ReadS [PutFileSystemPolicy]
-> ReadPrec PutFileSystemPolicy
-> ReadPrec [PutFileSystemPolicy]
-> Read PutFileSystemPolicy
forall a.
(Int -> ReadS a)
-> ReadS [a] -> ReadPrec a -> ReadPrec [a] -> Read a
readListPrec :: ReadPrec [PutFileSystemPolicy]
$creadListPrec :: ReadPrec [PutFileSystemPolicy]
readPrec :: ReadPrec PutFileSystemPolicy
$creadPrec :: ReadPrec PutFileSystemPolicy
readList :: ReadS [PutFileSystemPolicy]
$creadList :: ReadS [PutFileSystemPolicy]
readsPrec :: Int -> ReadS PutFileSystemPolicy
$creadsPrec :: Int -> ReadS PutFileSystemPolicy
Prelude.Read, Int -> PutFileSystemPolicy -> ShowS
[PutFileSystemPolicy] -> ShowS
PutFileSystemPolicy -> String
(Int -> PutFileSystemPolicy -> ShowS)
-> (PutFileSystemPolicy -> String)
-> ([PutFileSystemPolicy] -> ShowS)
-> Show PutFileSystemPolicy
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [PutFileSystemPolicy] -> ShowS
$cshowList :: [PutFileSystemPolicy] -> ShowS
show :: PutFileSystemPolicy -> String
$cshow :: PutFileSystemPolicy -> String
showsPrec :: Int -> PutFileSystemPolicy -> ShowS
$cshowsPrec :: Int -> PutFileSystemPolicy -> ShowS
Prelude.Show, (forall x. PutFileSystemPolicy -> Rep PutFileSystemPolicy x)
-> (forall x. Rep PutFileSystemPolicy x -> PutFileSystemPolicy)
-> Generic PutFileSystemPolicy
forall x. Rep PutFileSystemPolicy x -> PutFileSystemPolicy
forall x. PutFileSystemPolicy -> Rep PutFileSystemPolicy x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x. Rep PutFileSystemPolicy x -> PutFileSystemPolicy
$cfrom :: forall x. PutFileSystemPolicy -> Rep PutFileSystemPolicy x
Prelude.Generic)

-- |
-- Create a value of 'PutFileSystemPolicy' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'bypassPolicyLockoutSafetyCheck', 'putFileSystemPolicy_bypassPolicyLockoutSafetyCheck' - (Optional) A flag to indicate whether to bypass the @FileSystemPolicy@
-- lockout safety check. The policy lockout safety check determines whether
-- the policy in the request will prevent the principal making the request
-- will be locked out from making future @PutFileSystemPolicy@ requests on
-- the file system. Set @BypassPolicyLockoutSafetyCheck@ to @True@ only
-- when you intend to prevent the principal that is making the request from
-- making a subsequent @PutFileSystemPolicy@ request on the file system.
-- The default value is False.
--
-- 'fileSystemId', 'putFileSystemPolicy_fileSystemId' - The ID of the EFS file system that you want to create or update the
-- @FileSystemPolicy@ for.
--
-- 'policy', 'putFileSystemPolicy_policy' - The @FileSystemPolicy@ that you\'re creating. Accepts a JSON formatted
-- policy definition. EFS file system policies have a 20,000 character
-- limit. To find out more about the elements that make up a file system
-- policy, see
-- <https://docs.aws.amazon.com/efs/latest/ug/access-control-overview.html#access-control-manage-access-intro-resource-policies EFS Resource-based Policies>.
newPutFileSystemPolicy ::
  -- | 'fileSystemId'
  Prelude.Text ->
  -- | 'policy'
  Prelude.Text ->
  PutFileSystemPolicy
newPutFileSystemPolicy :: Text -> Text -> PutFileSystemPolicy
newPutFileSystemPolicy Text
pFileSystemId_ Text
pPolicy_ =
  PutFileSystemPolicy' :: Maybe Bool -> Text -> Text -> PutFileSystemPolicy
PutFileSystemPolicy'
    { $sel:bypassPolicyLockoutSafetyCheck:PutFileSystemPolicy' :: Maybe Bool
bypassPolicyLockoutSafetyCheck =
        Maybe Bool
forall a. Maybe a
Prelude.Nothing,
      $sel:fileSystemId:PutFileSystemPolicy' :: Text
fileSystemId = Text
pFileSystemId_,
      $sel:policy:PutFileSystemPolicy' :: Text
policy = Text
pPolicy_
    }

-- | (Optional) A flag to indicate whether to bypass the @FileSystemPolicy@
-- lockout safety check. The policy lockout safety check determines whether
-- the policy in the request will prevent the principal making the request
-- will be locked out from making future @PutFileSystemPolicy@ requests on
-- the file system. Set @BypassPolicyLockoutSafetyCheck@ to @True@ only
-- when you intend to prevent the principal that is making the request from
-- making a subsequent @PutFileSystemPolicy@ request on the file system.
-- The default value is False.
putFileSystemPolicy_bypassPolicyLockoutSafetyCheck :: Lens.Lens' PutFileSystemPolicy (Prelude.Maybe Prelude.Bool)
putFileSystemPolicy_bypassPolicyLockoutSafetyCheck :: (Maybe Bool -> f (Maybe Bool))
-> PutFileSystemPolicy -> f PutFileSystemPolicy
putFileSystemPolicy_bypassPolicyLockoutSafetyCheck = (PutFileSystemPolicy -> Maybe Bool)
-> (PutFileSystemPolicy -> Maybe Bool -> PutFileSystemPolicy)
-> Lens
     PutFileSystemPolicy PutFileSystemPolicy (Maybe Bool) (Maybe Bool)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\PutFileSystemPolicy' {Maybe Bool
bypassPolicyLockoutSafetyCheck :: Maybe Bool
$sel:bypassPolicyLockoutSafetyCheck:PutFileSystemPolicy' :: PutFileSystemPolicy -> Maybe Bool
bypassPolicyLockoutSafetyCheck} -> Maybe Bool
bypassPolicyLockoutSafetyCheck) (\s :: PutFileSystemPolicy
s@PutFileSystemPolicy' {} Maybe Bool
a -> PutFileSystemPolicy
s {$sel:bypassPolicyLockoutSafetyCheck:PutFileSystemPolicy' :: Maybe Bool
bypassPolicyLockoutSafetyCheck = Maybe Bool
a} :: PutFileSystemPolicy)

-- | The ID of the EFS file system that you want to create or update the
-- @FileSystemPolicy@ for.
putFileSystemPolicy_fileSystemId :: Lens.Lens' PutFileSystemPolicy Prelude.Text
putFileSystemPolicy_fileSystemId :: (Text -> f Text) -> PutFileSystemPolicy -> f PutFileSystemPolicy
putFileSystemPolicy_fileSystemId = (PutFileSystemPolicy -> Text)
-> (PutFileSystemPolicy -> Text -> PutFileSystemPolicy)
-> Lens PutFileSystemPolicy PutFileSystemPolicy Text Text
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\PutFileSystemPolicy' {Text
fileSystemId :: Text
$sel:fileSystemId:PutFileSystemPolicy' :: PutFileSystemPolicy -> Text
fileSystemId} -> Text
fileSystemId) (\s :: PutFileSystemPolicy
s@PutFileSystemPolicy' {} Text
a -> PutFileSystemPolicy
s {$sel:fileSystemId:PutFileSystemPolicy' :: Text
fileSystemId = Text
a} :: PutFileSystemPolicy)

-- | The @FileSystemPolicy@ that you\'re creating. Accepts a JSON formatted
-- policy definition. EFS file system policies have a 20,000 character
-- limit. To find out more about the elements that make up a file system
-- policy, see
-- <https://docs.aws.amazon.com/efs/latest/ug/access-control-overview.html#access-control-manage-access-intro-resource-policies EFS Resource-based Policies>.
putFileSystemPolicy_policy :: Lens.Lens' PutFileSystemPolicy Prelude.Text
putFileSystemPolicy_policy :: (Text -> f Text) -> PutFileSystemPolicy -> f PutFileSystemPolicy
putFileSystemPolicy_policy = (PutFileSystemPolicy -> Text)
-> (PutFileSystemPolicy -> Text -> PutFileSystemPolicy)
-> Lens PutFileSystemPolicy PutFileSystemPolicy Text Text
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\PutFileSystemPolicy' {Text
policy :: Text
$sel:policy:PutFileSystemPolicy' :: PutFileSystemPolicy -> Text
policy} -> Text
policy) (\s :: PutFileSystemPolicy
s@PutFileSystemPolicy' {} Text
a -> PutFileSystemPolicy
s {$sel:policy:PutFileSystemPolicy' :: Text
policy = Text
a} :: PutFileSystemPolicy)

instance Core.AWSRequest PutFileSystemPolicy where
  type
    AWSResponse PutFileSystemPolicy =
      FileSystemPolicyDescription
  request :: PutFileSystemPolicy -> Request PutFileSystemPolicy
request = Service -> PutFileSystemPolicy -> Request PutFileSystemPolicy
forall a. (ToRequest a, ToJSON a) => Service -> a -> Request a
Request.putJSON Service
defaultService
  response :: Logger
-> Service
-> Proxy PutFileSystemPolicy
-> ClientResponse ClientBody
-> m (Either
        Error (ClientResponse (AWSResponse PutFileSystemPolicy)))
response =
    (Int
 -> ResponseHeaders
 -> Object
 -> Either String (AWSResponse PutFileSystemPolicy))
-> Logger
-> Service
-> Proxy PutFileSystemPolicy
-> ClientResponse ClientBody
-> m (Either
        Error (ClientResponse (AWSResponse PutFileSystemPolicy)))
forall (m :: * -> *) a.
MonadResource m =>
(Int -> ResponseHeaders -> Object -> Either String (AWSResponse a))
-> Logger
-> Service
-> Proxy a
-> ClientResponse ClientBody
-> m (Either Error (ClientResponse (AWSResponse a)))
Response.receiveJSON
      (\Int
s ResponseHeaders
h Object
x -> Object -> Either String FileSystemPolicyDescription
forall a. FromJSON a => Object -> Either String a
Core.eitherParseJSON Object
x)

instance Prelude.Hashable PutFileSystemPolicy

instance Prelude.NFData PutFileSystemPolicy

instance Core.ToHeaders PutFileSystemPolicy where
  toHeaders :: PutFileSystemPolicy -> ResponseHeaders
toHeaders = ResponseHeaders -> PutFileSystemPolicy -> ResponseHeaders
forall a b. a -> b -> a
Prelude.const ResponseHeaders
forall a. Monoid a => a
Prelude.mempty

instance Core.ToJSON PutFileSystemPolicy where
  toJSON :: PutFileSystemPolicy -> Value
toJSON PutFileSystemPolicy' {Maybe Bool
Text
policy :: Text
fileSystemId :: Text
bypassPolicyLockoutSafetyCheck :: Maybe Bool
$sel:policy:PutFileSystemPolicy' :: PutFileSystemPolicy -> Text
$sel:fileSystemId:PutFileSystemPolicy' :: PutFileSystemPolicy -> Text
$sel:bypassPolicyLockoutSafetyCheck:PutFileSystemPolicy' :: PutFileSystemPolicy -> Maybe Bool
..} =
    [Pair] -> Value
Core.object
      ( [Maybe Pair] -> [Pair]
forall a. [Maybe a] -> [a]
Prelude.catMaybes
          [ (Text
"BypassPolicyLockoutSafetyCheck" Text -> Bool -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..=)
              (Bool -> Pair) -> Maybe Bool -> Maybe Pair
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe Bool
bypassPolicyLockoutSafetyCheck,
            Pair -> Maybe Pair
forall a. a -> Maybe a
Prelude.Just (Text
"Policy" Text -> Text -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..= Text
policy)
          ]
      )

instance Core.ToPath PutFileSystemPolicy where
  toPath :: PutFileSystemPolicy -> ByteString
toPath PutFileSystemPolicy' {Maybe Bool
Text
policy :: Text
fileSystemId :: Text
bypassPolicyLockoutSafetyCheck :: Maybe Bool
$sel:policy:PutFileSystemPolicy' :: PutFileSystemPolicy -> Text
$sel:fileSystemId:PutFileSystemPolicy' :: PutFileSystemPolicy -> Text
$sel:bypassPolicyLockoutSafetyCheck:PutFileSystemPolicy' :: PutFileSystemPolicy -> Maybe Bool
..} =
    [ByteString] -> ByteString
forall a. Monoid a => [a] -> a
Prelude.mconcat
      [ ByteString
"/2015-02-01/file-systems/",
        Text -> ByteString
forall a. ToByteString a => a -> ByteString
Core.toBS Text
fileSystemId,
        ByteString
"/policy"
      ]

instance Core.ToQuery PutFileSystemPolicy where
  toQuery :: PutFileSystemPolicy -> QueryString
toQuery = QueryString -> PutFileSystemPolicy -> QueryString
forall a b. a -> b -> a
Prelude.const QueryString
forall a. Monoid a => a
Prelude.mempty