{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.Route53Resolver.Types.FirewallConfig
-- Copyright   : (c) 2013-2021 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
module Amazonka.Route53Resolver.Types.FirewallConfig where

import qualified Amazonka.Core as Core
import qualified Amazonka.Lens as Lens
import qualified Amazonka.Prelude as Prelude
import Amazonka.Route53Resolver.Types.FirewallFailOpenStatus

-- | Configuration of the firewall behavior provided by DNS Firewall for a
-- single VPC from Amazon Virtual Private Cloud (Amazon VPC).
--
-- /See:/ 'newFirewallConfig' smart constructor.
data FirewallConfig = FirewallConfig'
  { -- | The ID of the VPC that this firewall configuration applies to.
    FirewallConfig -> Maybe Text
resourceId :: Prelude.Maybe Prelude.Text,
    -- | The Amazon Web Services account ID of the owner of the VPC that this
    -- firewall configuration applies to.
    FirewallConfig -> Maybe Text
ownerId :: Prelude.Maybe Prelude.Text,
    -- | The ID of the firewall configuration.
    FirewallConfig -> Maybe Text
id :: Prelude.Maybe Prelude.Text,
    -- | Determines how DNS Firewall operates during failures, for example when
    -- all traffic that is sent to DNS Firewall fails to receive a reply.
    --
    -- -   By default, fail open is disabled, which means the failure mode is
    --     closed. This approach favors security over availability. DNS
    --     Firewall returns a failure error when it is unable to properly
    --     evaluate a query.
    --
    -- -   If you enable this option, the failure mode is open. This approach
    --     favors availability over security. DNS Firewall allows queries to
    --     proceed if it is unable to properly evaluate them.
    --
    -- This behavior is only enforced for VPCs that have at least one DNS
    -- Firewall rule group association.
    FirewallConfig -> Maybe FirewallFailOpenStatus
firewallFailOpen :: Prelude.Maybe FirewallFailOpenStatus
  }
  deriving (FirewallConfig -> FirewallConfig -> Bool
(FirewallConfig -> FirewallConfig -> Bool)
-> (FirewallConfig -> FirewallConfig -> Bool) -> Eq FirewallConfig
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: FirewallConfig -> FirewallConfig -> Bool
$c/= :: FirewallConfig -> FirewallConfig -> Bool
== :: FirewallConfig -> FirewallConfig -> Bool
$c== :: FirewallConfig -> FirewallConfig -> Bool
Prelude.Eq, ReadPrec [FirewallConfig]
ReadPrec FirewallConfig
Int -> ReadS FirewallConfig
ReadS [FirewallConfig]
(Int -> ReadS FirewallConfig)
-> ReadS [FirewallConfig]
-> ReadPrec FirewallConfig
-> ReadPrec [FirewallConfig]
-> Read FirewallConfig
forall a.
(Int -> ReadS a)
-> ReadS [a] -> ReadPrec a -> ReadPrec [a] -> Read a
readListPrec :: ReadPrec [FirewallConfig]
$creadListPrec :: ReadPrec [FirewallConfig]
readPrec :: ReadPrec FirewallConfig
$creadPrec :: ReadPrec FirewallConfig
readList :: ReadS [FirewallConfig]
$creadList :: ReadS [FirewallConfig]
readsPrec :: Int -> ReadS FirewallConfig
$creadsPrec :: Int -> ReadS FirewallConfig
Prelude.Read, Int -> FirewallConfig -> ShowS
[FirewallConfig] -> ShowS
FirewallConfig -> String
(Int -> FirewallConfig -> ShowS)
-> (FirewallConfig -> String)
-> ([FirewallConfig] -> ShowS)
-> Show FirewallConfig
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [FirewallConfig] -> ShowS
$cshowList :: [FirewallConfig] -> ShowS
show :: FirewallConfig -> String
$cshow :: FirewallConfig -> String
showsPrec :: Int -> FirewallConfig -> ShowS
$cshowsPrec :: Int -> FirewallConfig -> ShowS
Prelude.Show, (forall x. FirewallConfig -> Rep FirewallConfig x)
-> (forall x. Rep FirewallConfig x -> FirewallConfig)
-> Generic FirewallConfig
forall x. Rep FirewallConfig x -> FirewallConfig
forall x. FirewallConfig -> Rep FirewallConfig x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x. Rep FirewallConfig x -> FirewallConfig
$cfrom :: forall x. FirewallConfig -> Rep FirewallConfig x
Prelude.Generic)

-- |
-- Create a value of 'FirewallConfig' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'resourceId', 'firewallConfig_resourceId' - The ID of the VPC that this firewall configuration applies to.
--
-- 'ownerId', 'firewallConfig_ownerId' - The Amazon Web Services account ID of the owner of the VPC that this
-- firewall configuration applies to.
--
-- 'id', 'firewallConfig_id' - The ID of the firewall configuration.
--
-- 'firewallFailOpen', 'firewallConfig_firewallFailOpen' - Determines how DNS Firewall operates during failures, for example when
-- all traffic that is sent to DNS Firewall fails to receive a reply.
--
-- -   By default, fail open is disabled, which means the failure mode is
--     closed. This approach favors security over availability. DNS
--     Firewall returns a failure error when it is unable to properly
--     evaluate a query.
--
-- -   If you enable this option, the failure mode is open. This approach
--     favors availability over security. DNS Firewall allows queries to
--     proceed if it is unable to properly evaluate them.
--
-- This behavior is only enforced for VPCs that have at least one DNS
-- Firewall rule group association.
newFirewallConfig ::
  FirewallConfig
newFirewallConfig :: FirewallConfig
newFirewallConfig =
  FirewallConfig' :: Maybe Text
-> Maybe Text
-> Maybe Text
-> Maybe FirewallFailOpenStatus
-> FirewallConfig
FirewallConfig'
    { $sel:resourceId:FirewallConfig' :: Maybe Text
resourceId = Maybe Text
forall a. Maybe a
Prelude.Nothing,
      $sel:ownerId:FirewallConfig' :: Maybe Text
ownerId = Maybe Text
forall a. Maybe a
Prelude.Nothing,
      $sel:id:FirewallConfig' :: Maybe Text
id = Maybe Text
forall a. Maybe a
Prelude.Nothing,
      $sel:firewallFailOpen:FirewallConfig' :: Maybe FirewallFailOpenStatus
firewallFailOpen = Maybe FirewallFailOpenStatus
forall a. Maybe a
Prelude.Nothing
    }

-- | The ID of the VPC that this firewall configuration applies to.
firewallConfig_resourceId :: Lens.Lens' FirewallConfig (Prelude.Maybe Prelude.Text)
firewallConfig_resourceId :: (Maybe Text -> f (Maybe Text))
-> FirewallConfig -> f FirewallConfig
firewallConfig_resourceId = (FirewallConfig -> Maybe Text)
-> (FirewallConfig -> Maybe Text -> FirewallConfig)
-> Lens FirewallConfig FirewallConfig (Maybe Text) (Maybe Text)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\FirewallConfig' {Maybe Text
resourceId :: Maybe Text
$sel:resourceId:FirewallConfig' :: FirewallConfig -> Maybe Text
resourceId} -> Maybe Text
resourceId) (\s :: FirewallConfig
s@FirewallConfig' {} Maybe Text
a -> FirewallConfig
s {$sel:resourceId:FirewallConfig' :: Maybe Text
resourceId = Maybe Text
a} :: FirewallConfig)

-- | The Amazon Web Services account ID of the owner of the VPC that this
-- firewall configuration applies to.
firewallConfig_ownerId :: Lens.Lens' FirewallConfig (Prelude.Maybe Prelude.Text)
firewallConfig_ownerId :: (Maybe Text -> f (Maybe Text))
-> FirewallConfig -> f FirewallConfig
firewallConfig_ownerId = (FirewallConfig -> Maybe Text)
-> (FirewallConfig -> Maybe Text -> FirewallConfig)
-> Lens FirewallConfig FirewallConfig (Maybe Text) (Maybe Text)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\FirewallConfig' {Maybe Text
ownerId :: Maybe Text
$sel:ownerId:FirewallConfig' :: FirewallConfig -> Maybe Text
ownerId} -> Maybe Text
ownerId) (\s :: FirewallConfig
s@FirewallConfig' {} Maybe Text
a -> FirewallConfig
s {$sel:ownerId:FirewallConfig' :: Maybe Text
ownerId = Maybe Text
a} :: FirewallConfig)

-- | The ID of the firewall configuration.
firewallConfig_id :: Lens.Lens' FirewallConfig (Prelude.Maybe Prelude.Text)
firewallConfig_id :: (Maybe Text -> f (Maybe Text))
-> FirewallConfig -> f FirewallConfig
firewallConfig_id = (FirewallConfig -> Maybe Text)
-> (FirewallConfig -> Maybe Text -> FirewallConfig)
-> Lens FirewallConfig FirewallConfig (Maybe Text) (Maybe Text)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\FirewallConfig' {Maybe Text
id :: Maybe Text
$sel:id:FirewallConfig' :: FirewallConfig -> Maybe Text
id} -> Maybe Text
id) (\s :: FirewallConfig
s@FirewallConfig' {} Maybe Text
a -> FirewallConfig
s {$sel:id:FirewallConfig' :: Maybe Text
id = Maybe Text
a} :: FirewallConfig)

-- | Determines how DNS Firewall operates during failures, for example when
-- all traffic that is sent to DNS Firewall fails to receive a reply.
--
-- -   By default, fail open is disabled, which means the failure mode is
--     closed. This approach favors security over availability. DNS
--     Firewall returns a failure error when it is unable to properly
--     evaluate a query.
--
-- -   If you enable this option, the failure mode is open. This approach
--     favors availability over security. DNS Firewall allows queries to
--     proceed if it is unable to properly evaluate them.
--
-- This behavior is only enforced for VPCs that have at least one DNS
-- Firewall rule group association.
firewallConfig_firewallFailOpen :: Lens.Lens' FirewallConfig (Prelude.Maybe FirewallFailOpenStatus)
firewallConfig_firewallFailOpen :: (Maybe FirewallFailOpenStatus -> f (Maybe FirewallFailOpenStatus))
-> FirewallConfig -> f FirewallConfig
firewallConfig_firewallFailOpen = (FirewallConfig -> Maybe FirewallFailOpenStatus)
-> (FirewallConfig
    -> Maybe FirewallFailOpenStatus -> FirewallConfig)
-> Lens
     FirewallConfig
     FirewallConfig
     (Maybe FirewallFailOpenStatus)
     (Maybe FirewallFailOpenStatus)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\FirewallConfig' {Maybe FirewallFailOpenStatus
firewallFailOpen :: Maybe FirewallFailOpenStatus
$sel:firewallFailOpen:FirewallConfig' :: FirewallConfig -> Maybe FirewallFailOpenStatus
firewallFailOpen} -> Maybe FirewallFailOpenStatus
firewallFailOpen) (\s :: FirewallConfig
s@FirewallConfig' {} Maybe FirewallFailOpenStatus
a -> FirewallConfig
s {$sel:firewallFailOpen:FirewallConfig' :: Maybe FirewallFailOpenStatus
firewallFailOpen = Maybe FirewallFailOpenStatus
a} :: FirewallConfig)

instance Core.FromJSON FirewallConfig where
  parseJSON :: Value -> Parser FirewallConfig
parseJSON =
    String
-> (Object -> Parser FirewallConfig)
-> Value
-> Parser FirewallConfig
forall a. String -> (Object -> Parser a) -> Value -> Parser a
Core.withObject
      String
"FirewallConfig"
      ( \Object
x ->
          Maybe Text
-> Maybe Text
-> Maybe Text
-> Maybe FirewallFailOpenStatus
-> FirewallConfig
FirewallConfig'
            (Maybe Text
 -> Maybe Text
 -> Maybe Text
 -> Maybe FirewallFailOpenStatus
 -> FirewallConfig)
-> Parser (Maybe Text)
-> Parser
     (Maybe Text
      -> Maybe Text -> Maybe FirewallFailOpenStatus -> FirewallConfig)
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> (Object
x Object -> Text -> Parser (Maybe Text)
forall a. FromJSON a => Object -> Text -> Parser (Maybe a)
Core..:? Text
"ResourceId")
            Parser
  (Maybe Text
   -> Maybe Text -> Maybe FirewallFailOpenStatus -> FirewallConfig)
-> Parser (Maybe Text)
-> Parser
     (Maybe Text -> Maybe FirewallFailOpenStatus -> FirewallConfig)
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x Object -> Text -> Parser (Maybe Text)
forall a. FromJSON a => Object -> Text -> Parser (Maybe a)
Core..:? Text
"OwnerId")
            Parser
  (Maybe Text -> Maybe FirewallFailOpenStatus -> FirewallConfig)
-> Parser (Maybe Text)
-> Parser (Maybe FirewallFailOpenStatus -> FirewallConfig)
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x Object -> Text -> Parser (Maybe Text)
forall a. FromJSON a => Object -> Text -> Parser (Maybe a)
Core..:? Text
"Id")
            Parser (Maybe FirewallFailOpenStatus -> FirewallConfig)
-> Parser (Maybe FirewallFailOpenStatus) -> Parser FirewallConfig
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x Object -> Text -> Parser (Maybe FirewallFailOpenStatus)
forall a. FromJSON a => Object -> Text -> Parser (Maybe a)
Core..:? Text
"FirewallFailOpen")
      )

instance Prelude.Hashable FirewallConfig

instance Prelude.NFData FirewallConfig