{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.NetworkFirewall.Types.StatefulRule
-- Copyright   : (c) 2013-2021 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
module Amazonka.NetworkFirewall.Types.StatefulRule where

import qualified Amazonka.Core as Core
import qualified Amazonka.Lens as Lens
import Amazonka.NetworkFirewall.Types.Header
import Amazonka.NetworkFirewall.Types.RuleOption
import Amazonka.NetworkFirewall.Types.StatefulAction
import qualified Amazonka.Prelude as Prelude

-- | A single Suricata rules specification, for use in a stateful rule group.
-- Use this option to specify a simple Suricata rule with protocol, source
-- and destination, ports, direction, and rule options. For information
-- about the Suricata @Rules@ format, see
-- <https://suricata.readthedocs.io/en/suricata-5.0.0/rules/intro.html# Rules Format>.
--
-- /See:/ 'newStatefulRule' smart constructor.
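data StatefulRule = StatefulRule'
  { -- | Defines what Network Firewall should do with the packets in a traffic
    -- flow when the flow matches the stateful rule criteria. For all actions,
    -- Network Firewall performs the specified action and discontinues stateful
    -- inspection of the traffic flow.
    --
    -- The actions for a stateful rule are defined as follows:
    --
    -- -   __PASS__ - Permits the packets to go to the intended destination.
    --
    -- -   __DROP__ - Blocks the packets from going to the intended destination
    --     and sends an alert log message, if alert logging is configured in
    --     the Firewall LoggingConfiguration.
    --
    -- -   __ALERT__ - Permits the packets to go to the intended destination
    --     and sends an alert log message, if alert logging is configured in
    --     the Firewall LoggingConfiguration.
    --
    --     You can use this action to test a rule that you intend to use to
    --     drop traffic. You can enable the rule with @ALERT@ action, verify in
    --     the logs that the rule is filtering as you want, then change the
    --     action to @DROP@.

    -- NOTE(review): per the description above, only DROP blocks traffic;
    -- PASS and ALERT both let the packets through, and a match on any action
    -- ends stateful inspection of that flow. Broad PASS/ALERT criteria
    -- deserve the same review as DROP rules. The alert log message is only
    -- sent when alert logging is configured, so an ALERT rule without that
    -- logging produces no record.
    action :: StatefulAction,
    -- | The stateful inspection criteria for this rule, used to inspect traffic
    -- flows.
    header :: Header,
    -- | Additional options for the rule. These are the Suricata @RuleOptions@
    -- settings.

    -- NOTE(review): a plain list, so the type accepts an empty value; any
    -- requirement on its contents is not enforced here.
    ruleOptions :: [RuleOption]
  }
  -- Only the four class names belong in the deriving clause. The
  -- instance-method signatures that the extracted page interleaved here
  -- were tooltip text, not source.
  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)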

-- |
-- Create a value of 'StatefulRule' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'action', 'statefulRule_action' - Defines what Network Firewall should do with the packets in a traffic
-- flow when the flow matches the stateful rule criteria. For all actions,
-- Network Firewall performs the specified action and discontinues stateful
-- inspection of the traffic flow.
--
-- The actions for a stateful rule are defined as follows:
--
-- -   __PASS__ - Permits the packets to go to the intended destination.
--
-- -   __DROP__ - Blocks the packets from going to the intended destination
--     and sends an alert log message, if alert logging is configured in
--     the Firewall LoggingConfiguration.
--
-- -   __ALERT__ - Permits the packets to go to the intended destination
--     and sends an alert log message, if alert logging is configured in
--     the Firewall LoggingConfiguration.
--
--     You can use this action to test a rule that you intend to use to
--     drop traffic. You can enable the rule with @ALERT@ action, verify in
--     the logs that the rule is filtering as you want, then change the
--     action to @DROP@.
--
-- 'header', 'statefulRule_header' - The stateful inspection criteria for this rule, used to inspect traffic
-- flows.
--
-- 'ruleOptions', 'statefulRule_ruleOptions' - Additional options for the rule. These are the Suricata @RuleOptions@
-- settings.
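newStatefulRule ::
  -- | 'action'
  StatefulAction ->
  -- | 'header'
  Header ->
  StatefulRule
newStatefulRule pAction_ pHeader_ =
  StatefulRule'
    { action = pAction_,
      header = pHeader_,
      -- Starts as the empty list. NOTE(review): the field is not wrapped in
      -- Maybe, so the service presumably expects it to be populated before
      -- the rule is submitted; confirm against the Network Firewall API
      -- reference and set it via 'statefulRule_ruleOptions'.
      ruleOptions = Prelude.mempty
    }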

-- | Defines what Network Firewall should do with the packets in a traffic
-- flow when the flow matches the stateful rule criteria. For all actions,
-- Network Firewall performs the specified action and discontinues stateful
-- inspection of the traffic flow.
--
-- The actions for a stateful rule are defined as follows:
--
-- -   __PASS__ - Permits the packets to go to the intended destination.
--
-- -   __DROP__ - Blocks the packets from going to the intended destination
--     and sends an alert log message, if alert logging is configured in
--     the Firewall LoggingConfiguration.
--
-- -   __ALERT__ - Permits the packets to go to the intended destination
--     and sends an alert log message, if alert logging is configured in
--     the Firewall LoggingConfiguration.
--
--     You can use this action to test a rule that you intend to use to
--     drop traffic. You can enable the rule with @ALERT@ action, verify in
--     the logs that the rule is filtering as you want, then change the
--     action to @DROP@.
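statefulRule_action :: Lens.Lens' StatefulRule StatefulAction
statefulRule_action =
  Lens.lens
    -- Getter: reads the 'action' field through a NamedFieldPuns pattern.
    (\StatefulRule' {action} -> action)
    -- Setter: plain record update. The trailing annotation pins the record
    -- type, presumably because DuplicateRecordFields is enabled and the
    -- field name alone may be ambiguous.
    (\s@StatefulRule' {} a -> s {action = a} :: StatefulRule)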

-- | The stateful inspection criteria for this rule, used to inspect traffic
-- flows.
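statefulRule_header :: Lens.Lens' StatefulRule Header
statefulRule_header =
  Lens.lens
    -- Getter: reads the 'header' field through a NamedFieldPuns pattern.
    (\StatefulRule' {header} -> header)
    -- Setter: plain record update. The trailing annotation pins the record
    -- type, presumably because DuplicateRecordFields is enabled and the
    -- field name alone may be ambiguous.
    (\s@StatefulRule' {} a -> s {header = a} :: StatefulRule)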

-- | Additional options for the rule. These are the Suricata @RuleOptions@
-- settings.
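statefulRule_ruleOptions :: Lens.Lens' StatefulRule [RuleOption]
statefulRule_ruleOptions =
  Lens.lens
    -- Getter: reads the 'ruleOptions' field through a NamedFieldPuns pattern.
    (\StatefulRule' {ruleOptions} -> ruleOptions)
    -- Setter: replaces the whole list; it does not append to the existing
    -- options.
    (\s@StatefulRule' {} a -> s {ruleOptions = a} :: StatefulRule)
    -- 'Lens.coerced' is used here at [RuleOption] on both sides, so the
    -- composition does not change the focused type.
    Prelude.. Lens.coerced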

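-- Decodes a 'StatefulRule' from a JSON object.
--
-- "Action" and "Header" are read with the required-key operator, so the
-- parser fails when either is absent. "RuleOptions" is read with the
-- optional-key operator and falls back to the empty list, so a document
-- that omits the key decodes to a rule with no options rather than to a
-- parse failure. NOTE(review): code that audits decoded rules cannot tell
-- "key omitted" from "explicitly empty"; whether a JSON null is treated the
-- same way depends on 'Core..:?' and should be confirmed.
instance Core.FromJSON StatefulRule where
  parseJSON =
    Core.withObject
      "StatefulRule"
      ( \x ->
          StatefulRule'
            Prelude.<$> (x Core..: "Action")
            Prelude.<*> (x Core..: "Header")
            Prelude.<*> (x Core..:? "RuleOptions" Core..!= Prelude.mempty)
      )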

-- No methods are defined here, so the class's default implementation is
-- used (presumably the Generic-based default, given the derived
-- 'Prelude.Generic' instance; confirm against the class definition).
instance Prelude.Hashable StatefulRule

-- No methods are defined here either; the same caveat about the class
-- default applies.
instance Prelude.NFData StatefulRule

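-- Encodes a 'StatefulRule' as a JSON object with the keys "Action",
-- "Header" and "RuleOptions", the same key names the 'Core.FromJSON'
-- instance reads.
--
-- Every pair is wrapped in 'Prelude.Just', so 'Prelude.catMaybes' drops
-- nothing and all three keys are always emitted. An empty 'ruleOptions'
-- list is therefore still serialised under "RuleOptions", not omitted.
instance Core.ToJSON StatefulRule where
  toJSON StatefulRule' {..} =
    Core.object
      ( Prelude.catMaybes
          [ Prelude.Just ("Action" Core..= action),
            Prelude.Just ("Header" Core..= header),
            Prelude.Just ("RuleOptions" Core..= ruleOptions)
          ]
      )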