{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.S3.Types.PublicAccessBlockConfiguration
-- Copyright   : (c) 2013-2021 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
module Amazonka.S3.Types.PublicAccessBlockConfiguration where

import qualified Amazonka.Core as Core
import qualified Amazonka.Lens as Lens
import qualified Amazonka.Prelude as Prelude
import Amazonka.S3.Internal

-- | The PublicAccessBlock configuration that you want to apply to this
-- Amazon S3 bucket. You can enable the configuration options in any
-- combination. For more information about when Amazon S3 considers a
-- bucket or object public, see
-- <https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html#access-control-block-public-access-policy-status The Meaning of \"Public\">
-- in the /Amazon S3 User Guide/.
--
-- /See:/ 'newPublicAccessBlockConfiguration' smart constructor.
data PublicAccessBlockConfiguration = PublicAccessBlockConfiguration'
  { -- | Specifies whether Amazon S3 should ignore public ACLs for this bucket
    -- and objects in this bucket. Setting this element to @TRUE@ causes Amazon
    -- S3 to ignore all public ACLs on this bucket and objects in this bucket.
    --
    -- Enabling this setting doesn\'t affect the persistence of any existing
    -- ACLs and doesn\'t prevent new public ACLs from being set.
    PublicAccessBlockConfiguration -> Maybe Bool
ignorePublicAcls :: Prelude.Maybe Prelude.Bool,
    -- | Specifies whether Amazon S3 should block public access control lists
    -- (ACLs) for this bucket and objects in this bucket. Setting this element
    -- to @TRUE@ causes the following behavior:
    --
    -- -   PUT Bucket acl and PUT Object acl calls fail if the specified ACL is
    --     public.
    --
    -- -   PUT Object calls fail if the request includes a public ACL.
    --
    -- -   PUT Bucket calls fail if the request includes a public ACL.
    --
    -- Enabling this setting doesn\'t affect existing policies or ACLs.
    PublicAccessBlockConfiguration -> Maybe Bool
blockPublicAcls :: Prelude.Maybe Prelude.Bool,
    -- | Specifies whether Amazon S3 should restrict public bucket policies for
    -- this bucket. Setting this element to @TRUE@ restricts access to this
    -- bucket to only Amazon Web Service principals and authorized users within
    -- this account if the bucket has a public policy.
    --
    -- Enabling this setting doesn\'t affect previously stored bucket policies,
    -- except that public and cross-account access within any public bucket
    -- policy, including non-public delegation to specific accounts, is
    -- blocked.
    PublicAccessBlockConfiguration -> Maybe Bool
restrictPublicBuckets :: Prelude.Maybe Prelude.Bool,
    -- | Specifies whether Amazon S3 should block public bucket policies for this
    -- bucket. Setting this element to @TRUE@ causes Amazon S3 to reject calls
    -- to PUT Bucket policy if the specified bucket policy allows public
    -- access.
    --
    -- Enabling this setting doesn\'t affect existing bucket policies.
    PublicAccessBlockConfiguration -> Maybe Bool
blockPublicPolicy :: Prelude.Maybe Prelude.Bool
  }
  deriving (PublicAccessBlockConfiguration
-> PublicAccessBlockConfiguration -> Bool
(PublicAccessBlockConfiguration
 -> PublicAccessBlockConfiguration -> Bool)
-> (PublicAccessBlockConfiguration
    -> PublicAccessBlockConfiguration -> Bool)
-> Eq PublicAccessBlockConfiguration
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: PublicAccessBlockConfiguration
-> PublicAccessBlockConfiguration -> Bool
$c/= :: PublicAccessBlockConfiguration
-> PublicAccessBlockConfiguration -> Bool
== :: PublicAccessBlockConfiguration
-> PublicAccessBlockConfiguration -> Bool
$c== :: PublicAccessBlockConfiguration
-> PublicAccessBlockConfiguration -> Bool
Prelude.Eq, ReadPrec [PublicAccessBlockConfiguration]
ReadPrec PublicAccessBlockConfiguration
Int -> ReadS PublicAccessBlockConfiguration
ReadS [PublicAccessBlockConfiguration]
(Int -> ReadS PublicAccessBlockConfiguration)
-> ReadS [PublicAccessBlockConfiguration]
-> ReadPrec PublicAccessBlockConfiguration
-> ReadPrec [PublicAccessBlockConfiguration]
-> Read PublicAccessBlockConfiguration
forall a.
(Int -> ReadS a)
-> ReadS [a] -> ReadPrec a -> ReadPrec [a] -> Read a
readListPrec :: ReadPrec [PublicAccessBlockConfiguration]
$creadListPrec :: ReadPrec [PublicAccessBlockConfiguration]
readPrec :: ReadPrec PublicAccessBlockConfiguration
$creadPrec :: ReadPrec PublicAccessBlockConfiguration
readList :: ReadS [PublicAccessBlockConfiguration]
$creadList :: ReadS [PublicAccessBlockConfiguration]
readsPrec :: Int -> ReadS PublicAccessBlockConfiguration
$creadsPrec :: Int -> ReadS PublicAccessBlockConfiguration
Prelude.Read, Int -> PublicAccessBlockConfiguration -> ShowS
[PublicAccessBlockConfiguration] -> ShowS
PublicAccessBlockConfiguration -> String
(Int -> PublicAccessBlockConfiguration -> ShowS)
-> (PublicAccessBlockConfiguration -> String)
-> ([PublicAccessBlockConfiguration] -> ShowS)
-> Show PublicAccessBlockConfiguration
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [PublicAccessBlockConfiguration] -> ShowS
$cshowList :: [PublicAccessBlockConfiguration] -> ShowS
show :: PublicAccessBlockConfiguration -> String
$cshow :: PublicAccessBlockConfiguration -> String
showsPrec :: Int -> PublicAccessBlockConfiguration -> ShowS
$cshowsPrec :: Int -> PublicAccessBlockConfiguration -> ShowS
Prelude.Show, (forall x.
 PublicAccessBlockConfiguration
 -> Rep PublicAccessBlockConfiguration x)
-> (forall x.
    Rep PublicAccessBlockConfiguration x
    -> PublicAccessBlockConfiguration)
-> Generic PublicAccessBlockConfiguration
forall x.
Rep PublicAccessBlockConfiguration x
-> PublicAccessBlockConfiguration
forall x.
PublicAccessBlockConfiguration
-> Rep PublicAccessBlockConfiguration x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x.
Rep PublicAccessBlockConfiguration x
-> PublicAccessBlockConfiguration
$cfrom :: forall x.
PublicAccessBlockConfiguration
-> Rep PublicAccessBlockConfiguration x
Prelude.Generic)

-- |
-- Create a value of 'PublicAccessBlockConfiguration' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'ignorePublicAcls', 'publicAccessBlockConfiguration_ignorePublicAcls' - Specifies whether Amazon S3 should ignore public ACLs for this bucket
-- and objects in this bucket. Setting this element to @TRUE@ causes Amazon
-- S3 to ignore all public ACLs on this bucket and objects in this bucket.
--
-- Enabling this setting doesn\'t affect the persistence of any existing
-- ACLs and doesn\'t prevent new public ACLs from being set.
--
-- 'blockPublicAcls', 'publicAccessBlockConfiguration_blockPublicAcls' - Specifies whether Amazon S3 should block public access control lists
-- (ACLs) for this bucket and objects in this bucket. Setting this element
-- to @TRUE@ causes the following behavior:
--
-- -   PUT Bucket acl and PUT Object acl calls fail if the specified ACL is
--     public.
--
-- -   PUT Object calls fail if the request includes a public ACL.
--
-- -   PUT Bucket calls fail if the request includes a public ACL.
--
-- Enabling this setting doesn\'t affect existing policies or ACLs.
--
-- 'restrictPublicBuckets', 'publicAccessBlockConfiguration_restrictPublicBuckets' - Specifies whether Amazon S3 should restrict public bucket policies for
-- this bucket. Setting this element to @TRUE@ restricts access to this
-- bucket to only Amazon Web Service principals and authorized users within
-- this account if the bucket has a public policy.
--
-- Enabling this setting doesn\'t affect previously stored bucket policies,
-- except that public and cross-account access within any public bucket
-- policy, including non-public delegation to specific accounts, is
-- blocked.
--
-- 'blockPublicPolicy', 'publicAccessBlockConfiguration_blockPublicPolicy' - Specifies whether Amazon S3 should block public bucket policies for this
-- bucket. Setting this element to @TRUE@ causes Amazon S3 to reject calls
-- to PUT Bucket policy if the specified bucket policy allows public
-- access.
--
-- Enabling this setting doesn\'t affect existing bucket policies.
newPublicAccessBlockConfiguration ::
  PublicAccessBlockConfiguration
newPublicAccessBlockConfiguration :: PublicAccessBlockConfiguration
newPublicAccessBlockConfiguration =
  PublicAccessBlockConfiguration' :: Maybe Bool
-> Maybe Bool
-> Maybe Bool
-> Maybe Bool
-> PublicAccessBlockConfiguration
PublicAccessBlockConfiguration'
    { $sel:ignorePublicAcls:PublicAccessBlockConfiguration' :: Maybe Bool
ignorePublicAcls =
        Maybe Bool
forall a. Maybe a
Prelude.Nothing,
      $sel:blockPublicAcls:PublicAccessBlockConfiguration' :: Maybe Bool
blockPublicAcls = Maybe Bool
forall a. Maybe a
Prelude.Nothing,
      $sel:restrictPublicBuckets:PublicAccessBlockConfiguration' :: Maybe Bool
restrictPublicBuckets = Maybe Bool
forall a. Maybe a
Prelude.Nothing,
      $sel:blockPublicPolicy:PublicAccessBlockConfiguration' :: Maybe Bool
blockPublicPolicy = Maybe Bool
forall a. Maybe a
Prelude.Nothing
    }

-- | Specifies whether Amazon S3 should ignore public ACLs for this bucket
-- and objects in this bucket. Setting this element to @TRUE@ causes Amazon
-- S3 to ignore all public ACLs on this bucket and objects in this bucket.
--
-- Enabling this setting doesn\'t affect the persistence of any existing
-- ACLs and doesn\'t prevent new public ACLs from being set.
publicAccessBlockConfiguration_ignorePublicAcls :: Lens.Lens' PublicAccessBlockConfiguration (Prelude.Maybe Prelude.Bool)
publicAccessBlockConfiguration_ignorePublicAcls :: (Maybe Bool -> f (Maybe Bool))
-> PublicAccessBlockConfiguration
-> f PublicAccessBlockConfiguration
publicAccessBlockConfiguration_ignorePublicAcls = (PublicAccessBlockConfiguration -> Maybe Bool)
-> (PublicAccessBlockConfiguration
    -> Maybe Bool -> PublicAccessBlockConfiguration)
-> Lens
     PublicAccessBlockConfiguration
     PublicAccessBlockConfiguration
     (Maybe Bool)
     (Maybe Bool)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\PublicAccessBlockConfiguration' {Maybe Bool
ignorePublicAcls :: Maybe Bool
$sel:ignorePublicAcls:PublicAccessBlockConfiguration' :: PublicAccessBlockConfiguration -> Maybe Bool
ignorePublicAcls} -> Maybe Bool
ignorePublicAcls) (\s :: PublicAccessBlockConfiguration
s@PublicAccessBlockConfiguration' {} Maybe Bool
a -> PublicAccessBlockConfiguration
s {$sel:ignorePublicAcls:PublicAccessBlockConfiguration' :: Maybe Bool
ignorePublicAcls = Maybe Bool
a} :: PublicAccessBlockConfiguration)

-- | Specifies whether Amazon S3 should block public access control lists
-- (ACLs) for this bucket and objects in this bucket. Setting this element
-- to @TRUE@ causes the following behavior:
--
-- -   PUT Bucket acl and PUT Object acl calls fail if the specified ACL is
--     public.
--
-- -   PUT Object calls fail if the request includes a public ACL.
--
-- -   PUT Bucket calls fail if the request includes a public ACL.
--
-- Enabling this setting doesn\'t affect existing policies or ACLs.
publicAccessBlockConfiguration_blockPublicAcls :: Lens.Lens' PublicAccessBlockConfiguration (Prelude.Maybe Prelude.Bool)
publicAccessBlockConfiguration_blockPublicAcls :: (Maybe Bool -> f (Maybe Bool))
-> PublicAccessBlockConfiguration
-> f PublicAccessBlockConfiguration
publicAccessBlockConfiguration_blockPublicAcls = (PublicAccessBlockConfiguration -> Maybe Bool)
-> (PublicAccessBlockConfiguration
    -> Maybe Bool -> PublicAccessBlockConfiguration)
-> Lens
     PublicAccessBlockConfiguration
     PublicAccessBlockConfiguration
     (Maybe Bool)
     (Maybe Bool)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\PublicAccessBlockConfiguration' {Maybe Bool
blockPublicAcls :: Maybe Bool
$sel:blockPublicAcls:PublicAccessBlockConfiguration' :: PublicAccessBlockConfiguration -> Maybe Bool
blockPublicAcls} -> Maybe Bool
blockPublicAcls) (\s :: PublicAccessBlockConfiguration
s@PublicAccessBlockConfiguration' {} Maybe Bool
a -> PublicAccessBlockConfiguration
s {$sel:blockPublicAcls:PublicAccessBlockConfiguration' :: Maybe Bool
blockPublicAcls = Maybe Bool
a} :: PublicAccessBlockConfiguration)

-- | Specifies whether Amazon S3 should restrict public bucket policies for
-- this bucket. Setting this element to @TRUE@ restricts access to this
-- bucket to only Amazon Web Service principals and authorized users within
-- this account if the bucket has a public policy.
--
-- Enabling this setting doesn\'t affect previously stored bucket policies,
-- except that public and cross-account access within any public bucket
-- policy, including non-public delegation to specific accounts, is
-- blocked.
publicAccessBlockConfiguration_restrictPublicBuckets :: Lens.Lens' PublicAccessBlockConfiguration (Prelude.Maybe Prelude.Bool)
publicAccessBlockConfiguration_restrictPublicBuckets :: (Maybe Bool -> f (Maybe Bool))
-> PublicAccessBlockConfiguration
-> f PublicAccessBlockConfiguration
publicAccessBlockConfiguration_restrictPublicBuckets = (PublicAccessBlockConfiguration -> Maybe Bool)
-> (PublicAccessBlockConfiguration
    -> Maybe Bool -> PublicAccessBlockConfiguration)
-> Lens
     PublicAccessBlockConfiguration
     PublicAccessBlockConfiguration
     (Maybe Bool)
     (Maybe Bool)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\PublicAccessBlockConfiguration' {Maybe Bool
restrictPublicBuckets :: Maybe Bool
$sel:restrictPublicBuckets:PublicAccessBlockConfiguration' :: PublicAccessBlockConfiguration -> Maybe Bool
restrictPublicBuckets} -> Maybe Bool
restrictPublicBuckets) (\s :: PublicAccessBlockConfiguration
s@PublicAccessBlockConfiguration' {} Maybe Bool
a -> PublicAccessBlockConfiguration
s {$sel:restrictPublicBuckets:PublicAccessBlockConfiguration' :: Maybe Bool
restrictPublicBuckets = Maybe Bool
a} :: PublicAccessBlockConfiguration)

-- | Specifies whether Amazon S3 should block public bucket policies for this
-- bucket. Setting this element to @TRUE@ causes Amazon S3 to reject calls
-- to PUT Bucket policy if the specified bucket policy allows public
-- access.
--
-- Enabling this setting doesn\'t affect existing bucket policies.
publicAccessBlockConfiguration_blockPublicPolicy :: Lens.Lens' PublicAccessBlockConfiguration (Prelude.Maybe Prelude.Bool)
publicAccessBlockConfiguration_blockPublicPolicy :: (Maybe Bool -> f (Maybe Bool))
-> PublicAccessBlockConfiguration
-> f PublicAccessBlockConfiguration
publicAccessBlockConfiguration_blockPublicPolicy = (PublicAccessBlockConfiguration -> Maybe Bool)
-> (PublicAccessBlockConfiguration
    -> Maybe Bool -> PublicAccessBlockConfiguration)
-> Lens
     PublicAccessBlockConfiguration
     PublicAccessBlockConfiguration
     (Maybe Bool)
     (Maybe Bool)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\PublicAccessBlockConfiguration' {Maybe Bool
blockPublicPolicy :: Maybe Bool
$sel:blockPublicPolicy:PublicAccessBlockConfiguration' :: PublicAccessBlockConfiguration -> Maybe Bool
blockPublicPolicy} -> Maybe Bool
blockPublicPolicy) (\s :: PublicAccessBlockConfiguration
s@PublicAccessBlockConfiguration' {} Maybe Bool
a -> PublicAccessBlockConfiguration
s {$sel:blockPublicPolicy:PublicAccessBlockConfiguration' :: Maybe Bool
blockPublicPolicy = Maybe Bool
a} :: PublicAccessBlockConfiguration)

instance Core.FromXML PublicAccessBlockConfiguration where
  parseXML :: [Node] -> Either String PublicAccessBlockConfiguration
parseXML [Node]
x =
    Maybe Bool
-> Maybe Bool
-> Maybe Bool
-> Maybe Bool
-> PublicAccessBlockConfiguration
PublicAccessBlockConfiguration'
      (Maybe Bool
 -> Maybe Bool
 -> Maybe Bool
 -> Maybe Bool
 -> PublicAccessBlockConfiguration)
-> Either String (Maybe Bool)
-> Either
     String
     (Maybe Bool
      -> Maybe Bool -> Maybe Bool -> PublicAccessBlockConfiguration)
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> ([Node]
x [Node] -> Text -> Either String (Maybe Bool)
forall a. FromXML a => [Node] -> Text -> Either String (Maybe a)
Core..@? Text
"IgnorePublicAcls")
      Either
  String
  (Maybe Bool
   -> Maybe Bool -> Maybe Bool -> PublicAccessBlockConfiguration)
-> Either String (Maybe Bool)
-> Either
     String (Maybe Bool -> Maybe Bool -> PublicAccessBlockConfiguration)
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> ([Node]
x [Node] -> Text -> Either String (Maybe Bool)
forall a. FromXML a => [Node] -> Text -> Either String (Maybe a)
Core..@? Text
"BlockPublicAcls")
      Either
  String (Maybe Bool -> Maybe Bool -> PublicAccessBlockConfiguration)
-> Either String (Maybe Bool)
-> Either String (Maybe Bool -> PublicAccessBlockConfiguration)
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> ([Node]
x [Node] -> Text -> Either String (Maybe Bool)
forall a. FromXML a => [Node] -> Text -> Either String (Maybe a)
Core..@? Text
"RestrictPublicBuckets")
      Either String (Maybe Bool -> PublicAccessBlockConfiguration)
-> Either String (Maybe Bool)
-> Either String PublicAccessBlockConfiguration
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> ([Node]
x [Node] -> Text -> Either String (Maybe Bool)
forall a. FromXML a => [Node] -> Text -> Either String (Maybe a)
Core..@? Text
"BlockPublicPolicy")

instance
  Prelude.Hashable
    PublicAccessBlockConfiguration

instance
  Prelude.NFData
    PublicAccessBlockConfiguration

instance Core.ToXML PublicAccessBlockConfiguration where
  toXML :: PublicAccessBlockConfiguration -> XML
toXML PublicAccessBlockConfiguration' {Maybe Bool
blockPublicPolicy :: Maybe Bool
restrictPublicBuckets :: Maybe Bool
blockPublicAcls :: Maybe Bool
ignorePublicAcls :: Maybe Bool
$sel:blockPublicPolicy:PublicAccessBlockConfiguration' :: PublicAccessBlockConfiguration -> Maybe Bool
$sel:restrictPublicBuckets:PublicAccessBlockConfiguration' :: PublicAccessBlockConfiguration -> Maybe Bool
$sel:blockPublicAcls:PublicAccessBlockConfiguration' :: PublicAccessBlockConfiguration -> Maybe Bool
$sel:ignorePublicAcls:PublicAccessBlockConfiguration' :: PublicAccessBlockConfiguration -> Maybe Bool
..} =
    [XML] -> XML
forall a. Monoid a => [a] -> a
Prelude.mconcat
      [ Name
"IgnorePublicAcls" Name -> Maybe Bool -> XML
forall a. ToXML a => Name -> a -> XML
Core.@= Maybe Bool
ignorePublicAcls,
        Name
"BlockPublicAcls" Name -> Maybe Bool -> XML
forall a. ToXML a => Name -> a -> XML
Core.@= Maybe Bool
blockPublicAcls,
        Name
"RestrictPublicBuckets"
          Name -> Maybe Bool -> XML
forall a. ToXML a => Name -> a -> XML
Core.@= Maybe Bool
restrictPublicBuckets,
        Name
"BlockPublicPolicy" Name -> Maybe Bool -> XML
forall a. ToXML a => Name -> a -> XML
Core.@= Maybe Bool
blockPublicPolicy
      ]