{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE TypeFamilies #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-binds #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.NetworkFirewall.PutResourcePolicy
-- Copyright   : (c) 2013-2021 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
--
-- Creates or updates an AWS Identity and Access Management policy for your
-- rule group or firewall policy. Use this to share rule groups and
-- firewall policies between accounts. This operation works in conjunction
-- with the AWS Resource Access Manager (RAM) service to manage resource
-- sharing for Network Firewall.
--
-- Use this operation to create or update a resource policy for your rule
-- group or firewall policy. In the policy, you specify the accounts that
-- you want to share the resource with and the operations that you want the
-- accounts to be able to perform.
--
-- When you add an account in the resource policy, you then run the
-- following Resource Access Manager (RAM) operations to access and accept
-- the shared rule group or firewall policy.
--
-- -   <https://docs.aws.amazon.com/ram/latest/APIReference/API_GetResourceShareInvitations.html GetResourceShareInvitations>
--     - Returns the Amazon Resource Names (ARNs) of the resource share
--     invitations.
--
-- -   <https://docs.aws.amazon.com/ram/latest/APIReference/API_AcceptResourceShareInvitation.html AcceptResourceShareInvitation>
--     - Accepts the share invitation for a specified resource share.
--
-- For additional information about resource sharing using RAM, see
-- <https://docs.aws.amazon.com/ram/latest/userguide/what-is.html AWS Resource Access Manager User Guide>.
module Amazonka.NetworkFirewall.PutResourcePolicy
  ( -- * Creating a Request
    PutResourcePolicy (..),
    newPutResourcePolicy,

    -- * Request Lenses
    putResourcePolicy_resourceArn,
    putResourcePolicy_policy,

    -- * Destructuring the Response
    PutResourcePolicyResponse (..),
    newPutResourcePolicyResponse,

    -- * Response Lenses
    putResourcePolicyResponse_httpStatus,
  )
where

import qualified Amazonka.Core as Core
import qualified Amazonka.Lens as Lens
import Amazonka.NetworkFirewall.Types
import qualified Amazonka.Prelude as Prelude
import qualified Amazonka.Request as Request
import qualified Amazonka.Response as Response

-- | /See:/ 'newPutResourcePolicy' smart constructor.
data PutResourcePolicy = PutResourcePolicy'
  { -- | The Amazon Resource Name (ARN) of the account that you want to share
    -- rule groups and firewall policies with.
    PutResourcePolicy -> Text
resourceArn :: Prelude.Text,
    -- | The AWS Identity and Access Management policy statement that lists the
    -- accounts that you want to share your rule group or firewall policy with
    -- and the operations that you want the accounts to be able to perform.
    --
    -- For a rule group resource, you can specify the following operations in
    -- the Actions section of the statement:
    --
    -- -   network-firewall:CreateFirewallPolicy
    --
    -- -   network-firewall:UpdateFirewallPolicy
    --
    -- -   network-firewall:ListRuleGroups
    --
    -- For a firewall policy resource, you can specify the following operations
    -- in the Actions section of the statement:
    --
    -- -   network-firewall:CreateFirewall
    --
    -- -   network-firewall:UpdateFirewall
    --
    -- -   network-firewall:AssociateFirewallPolicy
    --
    -- -   network-firewall:ListFirewallPolicies
    --
    -- In the Resource section of the statement, you specify the ARNs for the
    -- rule groups and firewall policies that you want to share with the
    -- account that you specified in @Arn@.
    PutResourcePolicy -> Text
policy :: Prelude.Text
  }
  deriving (PutResourcePolicy -> PutResourcePolicy -> Bool
(PutResourcePolicy -> PutResourcePolicy -> Bool)
-> (PutResourcePolicy -> PutResourcePolicy -> Bool)
-> Eq PutResourcePolicy
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: PutResourcePolicy -> PutResourcePolicy -> Bool
$c/= :: PutResourcePolicy -> PutResourcePolicy -> Bool
== :: PutResourcePolicy -> PutResourcePolicy -> Bool
$c== :: PutResourcePolicy -> PutResourcePolicy -> Bool
Prelude.Eq, ReadPrec [PutResourcePolicy]
ReadPrec PutResourcePolicy
Int -> ReadS PutResourcePolicy
ReadS [PutResourcePolicy]
(Int -> ReadS PutResourcePolicy)
-> ReadS [PutResourcePolicy]
-> ReadPrec PutResourcePolicy
-> ReadPrec [PutResourcePolicy]
-> Read PutResourcePolicy
forall a.
(Int -> ReadS a)
-> ReadS [a] -> ReadPrec a -> ReadPrec [a] -> Read a
readListPrec :: ReadPrec [PutResourcePolicy]
$creadListPrec :: ReadPrec [PutResourcePolicy]
readPrec :: ReadPrec PutResourcePolicy
$creadPrec :: ReadPrec PutResourcePolicy
readList :: ReadS [PutResourcePolicy]
$creadList :: ReadS [PutResourcePolicy]
readsPrec :: Int -> ReadS PutResourcePolicy
$creadsPrec :: Int -> ReadS PutResourcePolicy
Prelude.Read, Int -> PutResourcePolicy -> ShowS
[PutResourcePolicy] -> ShowS
PutResourcePolicy -> String
(Int -> PutResourcePolicy -> ShowS)
-> (PutResourcePolicy -> String)
-> ([PutResourcePolicy] -> ShowS)
-> Show PutResourcePolicy
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [PutResourcePolicy] -> ShowS
$cshowList :: [PutResourcePolicy] -> ShowS
show :: PutResourcePolicy -> String
$cshow :: PutResourcePolicy -> String
showsPrec :: Int -> PutResourcePolicy -> ShowS
$cshowsPrec :: Int -> PutResourcePolicy -> ShowS
Prelude.Show, (forall x. PutResourcePolicy -> Rep PutResourcePolicy x)
-> (forall x. Rep PutResourcePolicy x -> PutResourcePolicy)
-> Generic PutResourcePolicy
forall x. Rep PutResourcePolicy x -> PutResourcePolicy
forall x. PutResourcePolicy -> Rep PutResourcePolicy x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x. Rep PutResourcePolicy x -> PutResourcePolicy
$cfrom :: forall x. PutResourcePolicy -> Rep PutResourcePolicy x
Prelude.Generic)

-- |
-- Create a value of 'PutResourcePolicy' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'resourceArn', 'putResourcePolicy_resourceArn' - The Amazon Resource Name (ARN) of the account that you want to share
-- rule groups and firewall policies with.
--
-- 'policy', 'putResourcePolicy_policy' - The AWS Identity and Access Management policy statement that lists the
-- accounts that you want to share your rule group or firewall policy with
-- and the operations that you want the accounts to be able to perform.
--
-- For a rule group resource, you can specify the following operations in
-- the Actions section of the statement:
--
-- -   network-firewall:CreateFirewallPolicy
--
-- -   network-firewall:UpdateFirewallPolicy
--
-- -   network-firewall:ListRuleGroups
--
-- For a firewall policy resource, you can specify the following operations
-- in the Actions section of the statement:
--
-- -   network-firewall:CreateFirewall
--
-- -   network-firewall:UpdateFirewall
--
-- -   network-firewall:AssociateFirewallPolicy
--
-- -   network-firewall:ListFirewallPolicies
--
-- In the Resource section of the statement, you specify the ARNs for the
-- rule groups and firewall policies that you want to share with the
-- account that you specified in @Arn@.
newPutResourcePolicy ::
  -- | 'resourceArn'
  Prelude.Text ->
  -- | 'policy'
  Prelude.Text ->
  PutResourcePolicy
newPutResourcePolicy :: Text -> Text -> PutResourcePolicy
newPutResourcePolicy Text
pResourceArn_ Text
pPolicy_ =
  PutResourcePolicy' :: Text -> Text -> PutResourcePolicy
PutResourcePolicy'
    { $sel:resourceArn:PutResourcePolicy' :: Text
resourceArn = Text
pResourceArn_,
      $sel:policy:PutResourcePolicy' :: Text
policy = Text
pPolicy_
    }

-- | The Amazon Resource Name (ARN) of the account that you want to share
-- rule groups and firewall policies with.
putResourcePolicy_resourceArn :: Lens.Lens' PutResourcePolicy Prelude.Text
putResourcePolicy_resourceArn :: (Text -> f Text) -> PutResourcePolicy -> f PutResourcePolicy
putResourcePolicy_resourceArn = (PutResourcePolicy -> Text)
-> (PutResourcePolicy -> Text -> PutResourcePolicy)
-> Lens PutResourcePolicy PutResourcePolicy Text Text
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\PutResourcePolicy' {Text
resourceArn :: Text
$sel:resourceArn:PutResourcePolicy' :: PutResourcePolicy -> Text
resourceArn} -> Text
resourceArn) (\s :: PutResourcePolicy
s@PutResourcePolicy' {} Text
a -> PutResourcePolicy
s {$sel:resourceArn:PutResourcePolicy' :: Text
resourceArn = Text
a} :: PutResourcePolicy)

-- | The AWS Identity and Access Management policy statement that lists the
-- accounts that you want to share your rule group or firewall policy with
-- and the operations that you want the accounts to be able to perform.
--
-- For a rule group resource, you can specify the following operations in
-- the Actions section of the statement:
--
-- -   network-firewall:CreateFirewallPolicy
--
-- -   network-firewall:UpdateFirewallPolicy
--
-- -   network-firewall:ListRuleGroups
--
-- For a firewall policy resource, you can specify the following operations
-- in the Actions section of the statement:
--
-- -   network-firewall:CreateFirewall
--
-- -   network-firewall:UpdateFirewall
--
-- -   network-firewall:AssociateFirewallPolicy
--
-- -   network-firewall:ListFirewallPolicies
--
-- In the Resource section of the statement, you specify the ARNs for the
-- rule groups and firewall policies that you want to share with the
-- account that you specified in @Arn@.
putResourcePolicy_policy :: Lens.Lens' PutResourcePolicy Prelude.Text
putResourcePolicy_policy :: (Text -> f Text) -> PutResourcePolicy -> f PutResourcePolicy
putResourcePolicy_policy = (PutResourcePolicy -> Text)
-> (PutResourcePolicy -> Text -> PutResourcePolicy)
-> Lens PutResourcePolicy PutResourcePolicy Text Text
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\PutResourcePolicy' {Text
policy :: Text
$sel:policy:PutResourcePolicy' :: PutResourcePolicy -> Text
policy} -> Text
policy) (\s :: PutResourcePolicy
s@PutResourcePolicy' {} Text
a -> PutResourcePolicy
s {$sel:policy:PutResourcePolicy' :: Text
policy = Text
a} :: PutResourcePolicy)

instance Core.AWSRequest PutResourcePolicy where
  type
    AWSResponse PutResourcePolicy =
      PutResourcePolicyResponse
  request :: PutResourcePolicy -> Request PutResourcePolicy
request = Service -> PutResourcePolicy -> Request PutResourcePolicy
forall a. (ToRequest a, ToJSON a) => Service -> a -> Request a
Request.postJSON Service
defaultService
  response :: Logger
-> Service
-> Proxy PutResourcePolicy
-> ClientResponse ClientBody
-> m (Either
        Error (ClientResponse (AWSResponse PutResourcePolicy)))
response =
    (Int
 -> ResponseHeaders
 -> ()
 -> Either String (AWSResponse PutResourcePolicy))
-> Logger
-> Service
-> Proxy PutResourcePolicy
-> ClientResponse ClientBody
-> m (Either
        Error (ClientResponse (AWSResponse PutResourcePolicy)))
forall (m :: * -> *) a.
MonadResource m =>
(Int -> ResponseHeaders -> () -> Either String (AWSResponse a))
-> Logger
-> Service
-> Proxy a
-> ClientResponse ClientBody
-> m (Either Error (ClientResponse (AWSResponse a)))
Response.receiveEmpty
      ( \Int
s ResponseHeaders
h ()
x ->
          Int -> PutResourcePolicyResponse
PutResourcePolicyResponse'
            (Int -> PutResourcePolicyResponse)
-> Either String Int -> Either String PutResourcePolicyResponse
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> (Int -> Either String Int
forall (f :: * -> *) a. Applicative f => a -> f a
Prelude.pure (Int -> Int
forall a. Enum a => a -> Int
Prelude.fromEnum Int
s))
      )

instance Prelude.Hashable PutResourcePolicy

instance Prelude.NFData PutResourcePolicy

instance Core.ToHeaders PutResourcePolicy where
  toHeaders :: PutResourcePolicy -> ResponseHeaders
toHeaders =
    ResponseHeaders -> PutResourcePolicy -> ResponseHeaders
forall a b. a -> b -> a
Prelude.const
      ( [ResponseHeaders] -> ResponseHeaders
forall a. Monoid a => [a] -> a
Prelude.mconcat
          [ HeaderName
"X-Amz-Target"
              HeaderName -> ByteString -> ResponseHeaders
forall a. ToHeader a => HeaderName -> a -> ResponseHeaders
Core.=# ( ByteString
"NetworkFirewall_20201112.PutResourcePolicy" ::
                          Prelude.ByteString
                      ),
            HeaderName
"Content-Type"
              HeaderName -> ByteString -> ResponseHeaders
forall a. ToHeader a => HeaderName -> a -> ResponseHeaders
Core.=# ( ByteString
"application/x-amz-json-1.0" ::
                          Prelude.ByteString
                      )
          ]
      )

instance Core.ToJSON PutResourcePolicy where
  toJSON :: PutResourcePolicy -> Value
toJSON PutResourcePolicy' {Text
policy :: Text
resourceArn :: Text
$sel:policy:PutResourcePolicy' :: PutResourcePolicy -> Text
$sel:resourceArn:PutResourcePolicy' :: PutResourcePolicy -> Text
..} =
    [Pair] -> Value
Core.object
      ( [Maybe Pair] -> [Pair]
forall a. [Maybe a] -> [a]
Prelude.catMaybes
          [ Pair -> Maybe Pair
forall a. a -> Maybe a
Prelude.Just (Text
"ResourceArn" Text -> Text -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..= Text
resourceArn),
            Pair -> Maybe Pair
forall a. a -> Maybe a
Prelude.Just (Text
"Policy" Text -> Text -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..= Text
policy)
          ]
      )

instance Core.ToPath PutResourcePolicy where
  toPath :: PutResourcePolicy -> ByteString
toPath = ByteString -> PutResourcePolicy -> ByteString
forall a b. a -> b -> a
Prelude.const ByteString
"/"

instance Core.ToQuery PutResourcePolicy where
  toQuery :: PutResourcePolicy -> QueryString
toQuery = QueryString -> PutResourcePolicy -> QueryString
forall a b. a -> b -> a
Prelude.const QueryString
forall a. Monoid a => a
Prelude.mempty

-- | /See:/ 'newPutResourcePolicyResponse' smart constructor.
data PutResourcePolicyResponse = PutResourcePolicyResponse'
  { -- | The response's http status code.
    PutResourcePolicyResponse -> Int
httpStatus :: Prelude.Int
  }
  deriving (PutResourcePolicyResponse -> PutResourcePolicyResponse -> Bool
(PutResourcePolicyResponse -> PutResourcePolicyResponse -> Bool)
-> (PutResourcePolicyResponse -> PutResourcePolicyResponse -> Bool)
-> Eq PutResourcePolicyResponse
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: PutResourcePolicyResponse -> PutResourcePolicyResponse -> Bool
$c/= :: PutResourcePolicyResponse -> PutResourcePolicyResponse -> Bool
== :: PutResourcePolicyResponse -> PutResourcePolicyResponse -> Bool
$c== :: PutResourcePolicyResponse -> PutResourcePolicyResponse -> Bool
Prelude.Eq, ReadPrec [PutResourcePolicyResponse]
ReadPrec PutResourcePolicyResponse
Int -> ReadS PutResourcePolicyResponse
ReadS [PutResourcePolicyResponse]
(Int -> ReadS PutResourcePolicyResponse)
-> ReadS [PutResourcePolicyResponse]
-> ReadPrec PutResourcePolicyResponse
-> ReadPrec [PutResourcePolicyResponse]
-> Read PutResourcePolicyResponse
forall a.
(Int -> ReadS a)
-> ReadS [a] -> ReadPrec a -> ReadPrec [a] -> Read a
readListPrec :: ReadPrec [PutResourcePolicyResponse]
$creadListPrec :: ReadPrec [PutResourcePolicyResponse]
readPrec :: ReadPrec PutResourcePolicyResponse
$creadPrec :: ReadPrec PutResourcePolicyResponse
readList :: ReadS [PutResourcePolicyResponse]
$creadList :: ReadS [PutResourcePolicyResponse]
readsPrec :: Int -> ReadS PutResourcePolicyResponse
$creadsPrec :: Int -> ReadS PutResourcePolicyResponse
Prelude.Read, Int -> PutResourcePolicyResponse -> ShowS
[PutResourcePolicyResponse] -> ShowS
PutResourcePolicyResponse -> String
(Int -> PutResourcePolicyResponse -> ShowS)
-> (PutResourcePolicyResponse -> String)
-> ([PutResourcePolicyResponse] -> ShowS)
-> Show PutResourcePolicyResponse
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [PutResourcePolicyResponse] -> ShowS
$cshowList :: [PutResourcePolicyResponse] -> ShowS
show :: PutResourcePolicyResponse -> String
$cshow :: PutResourcePolicyResponse -> String
showsPrec :: Int -> PutResourcePolicyResponse -> ShowS
$cshowsPrec :: Int -> PutResourcePolicyResponse -> ShowS
Prelude.Show, (forall x.
 PutResourcePolicyResponse -> Rep PutResourcePolicyResponse x)
-> (forall x.
    Rep PutResourcePolicyResponse x -> PutResourcePolicyResponse)
-> Generic PutResourcePolicyResponse
forall x.
Rep PutResourcePolicyResponse x -> PutResourcePolicyResponse
forall x.
PutResourcePolicyResponse -> Rep PutResourcePolicyResponse x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x.
Rep PutResourcePolicyResponse x -> PutResourcePolicyResponse
$cfrom :: forall x.
PutResourcePolicyResponse -> Rep PutResourcePolicyResponse x
Prelude.Generic)

-- |
-- Create a value of 'PutResourcePolicyResponse' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'httpStatus', 'putResourcePolicyResponse_httpStatus' - The response's http status code.
newPutResourcePolicyResponse ::
  -- | 'httpStatus'
  Prelude.Int ->
  PutResourcePolicyResponse
newPutResourcePolicyResponse :: Int -> PutResourcePolicyResponse
newPutResourcePolicyResponse Int
pHttpStatus_ =
  PutResourcePolicyResponse' :: Int -> PutResourcePolicyResponse
PutResourcePolicyResponse'
    { $sel:httpStatus:PutResourcePolicyResponse' :: Int
httpStatus =
        Int
pHttpStatus_
    }

-- | The response's http status code.
putResourcePolicyResponse_httpStatus :: Lens.Lens' PutResourcePolicyResponse Prelude.Int
putResourcePolicyResponse_httpStatus :: (Int -> f Int)
-> PutResourcePolicyResponse -> f PutResourcePolicyResponse
putResourcePolicyResponse_httpStatus = (PutResourcePolicyResponse -> Int)
-> (PutResourcePolicyResponse -> Int -> PutResourcePolicyResponse)
-> Lens PutResourcePolicyResponse PutResourcePolicyResponse Int Int
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\PutResourcePolicyResponse' {Int
httpStatus :: Int
$sel:httpStatus:PutResourcePolicyResponse' :: PutResourcePolicyResponse -> Int
httpStatus} -> Int
httpStatus) (\s :: PutResourcePolicyResponse
s@PutResourcePolicyResponse' {} Int
a -> PutResourcePolicyResponse
s {$sel:httpStatus:PutResourcePolicyResponse' :: Int
httpStatus = Int
a} :: PutResourcePolicyResponse)

instance Prelude.NFData PutResourcePolicyResponse