{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE TypeFamilies #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-binds #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.WAFRegional.PutPermissionPolicy
-- Copyright   : (c) 2013-2021 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
--
-- This is __AWS WAF Classic__ documentation. For more information, see
-- <https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html AWS WAF Classic>
-- in the developer guide.
--
-- __For the latest version of AWS WAF__, use the AWS WAFV2 API and see the
-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html AWS WAF Developer Guide>.
-- With the latest version, AWS WAF has a single set of endpoints for
-- regional and global use.
--
-- Attaches an IAM policy to the specified resource. The only supported use
-- for this action is to share a RuleGroup across accounts.
--
-- The @PutPermissionPolicy@ is subject to the following restrictions:
--
-- -   You can attach only one policy with each @PutPermissionPolicy@
--     request.
--
-- -   The policy must include an @Effect@, @Action@ and @Principal@.
--
-- -   @Effect@ must specify @Allow@.
--
-- -   The @Action@ in the policy must be @waf:UpdateWebACL@,
--     @waf-regional:UpdateWebACL@, @waf:GetRuleGroup@ and
--     @waf-regional:GetRuleGroup@ . Any extra or wildcard actions in the
--     policy will be rejected.
--
-- -   The policy cannot include a @Resource@ parameter.
--
-- -   The ARN in the request must be a valid WAF RuleGroup ARN and the
--     RuleGroup must exist in the same region.
--
-- -   The user making the request must be the owner of the RuleGroup.
--
-- -   Your policy must be composed using IAM Policy version 2012-10-17.
--
-- For more information, see
-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html IAM Policies>.
--
-- An example of a valid policy parameter is shown in the Examples section
-- below.
module Amazonka.WAFRegional.PutPermissionPolicy
  ( -- * Creating a Request
    PutPermissionPolicy (..),
    newPutPermissionPolicy,

    -- * Request Lenses
    putPermissionPolicy_resourceArn,
    putPermissionPolicy_policy,

    -- * Destructuring the Response
    PutPermissionPolicyResponse (..),
    newPutPermissionPolicyResponse,

    -- * Response Lenses
    putPermissionPolicyResponse_httpStatus,
  )
where

import qualified Amazonka.Core as Core
import qualified Amazonka.Lens as Lens
import qualified Amazonka.Prelude as Prelude
import qualified Amazonka.Request as Request
import qualified Amazonka.Response as Response
import Amazonka.WAFRegional.Types

-- | /See:/ 'newPutPermissionPolicy' smart constructor.
data PutPermissionPolicy = PutPermissionPolicy'
  { -- | The Amazon Resource Name (ARN) of the RuleGroup to which you want to
    -- attach the policy.
    PutPermissionPolicy -> Text
resourceArn :: Prelude.Text,
    -- | The policy to attach to the specified RuleGroup.
    PutPermissionPolicy -> Text
policy :: Prelude.Text
  }
  deriving (PutPermissionPolicy -> PutPermissionPolicy -> Bool
(PutPermissionPolicy -> PutPermissionPolicy -> Bool)
-> (PutPermissionPolicy -> PutPermissionPolicy -> Bool)
-> Eq PutPermissionPolicy
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: PutPermissionPolicy -> PutPermissionPolicy -> Bool
$c/= :: PutPermissionPolicy -> PutPermissionPolicy -> Bool
== :: PutPermissionPolicy -> PutPermissionPolicy -> Bool
$c== :: PutPermissionPolicy -> PutPermissionPolicy -> Bool
Prelude.Eq, ReadPrec [PutPermissionPolicy]
ReadPrec PutPermissionPolicy
Int -> ReadS PutPermissionPolicy
ReadS [PutPermissionPolicy]
(Int -> ReadS PutPermissionPolicy)
-> ReadS [PutPermissionPolicy]
-> ReadPrec PutPermissionPolicy
-> ReadPrec [PutPermissionPolicy]
-> Read PutPermissionPolicy
forall a.
(Int -> ReadS a)
-> ReadS [a] -> ReadPrec a -> ReadPrec [a] -> Read a
readListPrec :: ReadPrec [PutPermissionPolicy]
$creadListPrec :: ReadPrec [PutPermissionPolicy]
readPrec :: ReadPrec PutPermissionPolicy
$creadPrec :: ReadPrec PutPermissionPolicy
readList :: ReadS [PutPermissionPolicy]
$creadList :: ReadS [PutPermissionPolicy]
readsPrec :: Int -> ReadS PutPermissionPolicy
$creadsPrec :: Int -> ReadS PutPermissionPolicy
Prelude.Read, Int -> PutPermissionPolicy -> ShowS
[PutPermissionPolicy] -> ShowS
PutPermissionPolicy -> String
(Int -> PutPermissionPolicy -> ShowS)
-> (PutPermissionPolicy -> String)
-> ([PutPermissionPolicy] -> ShowS)
-> Show PutPermissionPolicy
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [PutPermissionPolicy] -> ShowS
$cshowList :: [PutPermissionPolicy] -> ShowS
show :: PutPermissionPolicy -> String
$cshow :: PutPermissionPolicy -> String
showsPrec :: Int -> PutPermissionPolicy -> ShowS
$cshowsPrec :: Int -> PutPermissionPolicy -> ShowS
Prelude.Show, (forall x. PutPermissionPolicy -> Rep PutPermissionPolicy x)
-> (forall x. Rep PutPermissionPolicy x -> PutPermissionPolicy)
-> Generic PutPermissionPolicy
forall x. Rep PutPermissionPolicy x -> PutPermissionPolicy
forall x. PutPermissionPolicy -> Rep PutPermissionPolicy x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x. Rep PutPermissionPolicy x -> PutPermissionPolicy
$cfrom :: forall x. PutPermissionPolicy -> Rep PutPermissionPolicy x
Prelude.Generic)

-- |
-- Create a value of 'PutPermissionPolicy' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'resourceArn', 'putPermissionPolicy_resourceArn' - The Amazon Resource Name (ARN) of the RuleGroup to which you want to
-- attach the policy.
--
-- 'policy', 'putPermissionPolicy_policy' - The policy to attach to the specified RuleGroup.
newPutPermissionPolicy ::
  -- | 'resourceArn'
  Prelude.Text ->
  -- | 'policy'
  Prelude.Text ->
  PutPermissionPolicy
newPutPermissionPolicy :: Text -> Text -> PutPermissionPolicy
newPutPermissionPolicy Text
pResourceArn_ Text
pPolicy_ =
  PutPermissionPolicy' :: Text -> Text -> PutPermissionPolicy
PutPermissionPolicy'
    { $sel:resourceArn:PutPermissionPolicy' :: Text
resourceArn = Text
pResourceArn_,
      $sel:policy:PutPermissionPolicy' :: Text
policy = Text
pPolicy_
    }

-- | The Amazon Resource Name (ARN) of the RuleGroup to which you want to
-- attach the policy.
putPermissionPolicy_resourceArn :: Lens.Lens' PutPermissionPolicy Prelude.Text
putPermissionPolicy_resourceArn :: (Text -> f Text) -> PutPermissionPolicy -> f PutPermissionPolicy
putPermissionPolicy_resourceArn = (PutPermissionPolicy -> Text)
-> (PutPermissionPolicy -> Text -> PutPermissionPolicy)
-> Lens PutPermissionPolicy PutPermissionPolicy Text Text
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\PutPermissionPolicy' {Text
resourceArn :: Text
$sel:resourceArn:PutPermissionPolicy' :: PutPermissionPolicy -> Text
resourceArn} -> Text
resourceArn) (\s :: PutPermissionPolicy
s@PutPermissionPolicy' {} Text
a -> PutPermissionPolicy
s {$sel:resourceArn:PutPermissionPolicy' :: Text
resourceArn = Text
a} :: PutPermissionPolicy)

-- | The policy to attach to the specified RuleGroup.
putPermissionPolicy_policy :: Lens.Lens' PutPermissionPolicy Prelude.Text
putPermissionPolicy_policy :: (Text -> f Text) -> PutPermissionPolicy -> f PutPermissionPolicy
putPermissionPolicy_policy = (PutPermissionPolicy -> Text)
-> (PutPermissionPolicy -> Text -> PutPermissionPolicy)
-> Lens PutPermissionPolicy PutPermissionPolicy Text Text
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\PutPermissionPolicy' {Text
policy :: Text
$sel:policy:PutPermissionPolicy' :: PutPermissionPolicy -> Text
policy} -> Text
policy) (\s :: PutPermissionPolicy
s@PutPermissionPolicy' {} Text
a -> PutPermissionPolicy
s {$sel:policy:PutPermissionPolicy' :: Text
policy = Text
a} :: PutPermissionPolicy)

instance Core.AWSRequest PutPermissionPolicy where
  type
    AWSResponse PutPermissionPolicy =
      PutPermissionPolicyResponse
  request :: PutPermissionPolicy -> Request PutPermissionPolicy
request = Service -> PutPermissionPolicy -> Request PutPermissionPolicy
forall a. (ToRequest a, ToJSON a) => Service -> a -> Request a
Request.postJSON Service
defaultService
  response :: Logger
-> Service
-> Proxy PutPermissionPolicy
-> ClientResponse ClientBody
-> m (Either
        Error (ClientResponse (AWSResponse PutPermissionPolicy)))
response =
    (Int
 -> ResponseHeaders
 -> ()
 -> Either String (AWSResponse PutPermissionPolicy))
-> Logger
-> Service
-> Proxy PutPermissionPolicy
-> ClientResponse ClientBody
-> m (Either
        Error (ClientResponse (AWSResponse PutPermissionPolicy)))
forall (m :: * -> *) a.
MonadResource m =>
(Int -> ResponseHeaders -> () -> Either String (AWSResponse a))
-> Logger
-> Service
-> Proxy a
-> ClientResponse ClientBody
-> m (Either Error (ClientResponse (AWSResponse a)))
Response.receiveEmpty
      ( \Int
s ResponseHeaders
h ()
x ->
          Int -> PutPermissionPolicyResponse
PutPermissionPolicyResponse'
            (Int -> PutPermissionPolicyResponse)
-> Either String Int -> Either String PutPermissionPolicyResponse
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> (Int -> Either String Int
forall (f :: * -> *) a. Applicative f => a -> f a
Prelude.pure (Int -> Int
forall a. Enum a => a -> Int
Prelude.fromEnum Int
s))
      )

instance Prelude.Hashable PutPermissionPolicy

instance Prelude.NFData PutPermissionPolicy

instance Core.ToHeaders PutPermissionPolicy where
  toHeaders :: PutPermissionPolicy -> ResponseHeaders
toHeaders =
    ResponseHeaders -> PutPermissionPolicy -> ResponseHeaders
forall a b. a -> b -> a
Prelude.const
      ( [ResponseHeaders] -> ResponseHeaders
forall a. Monoid a => [a] -> a
Prelude.mconcat
          [ HeaderName
"X-Amz-Target"
              HeaderName -> ByteString -> ResponseHeaders
forall a. ToHeader a => HeaderName -> a -> ResponseHeaders
Core.=# ( ByteString
"AWSWAF_Regional_20161128.PutPermissionPolicy" ::
                          Prelude.ByteString
                      ),
            HeaderName
"Content-Type"
              HeaderName -> ByteString -> ResponseHeaders
forall a. ToHeader a => HeaderName -> a -> ResponseHeaders
Core.=# ( ByteString
"application/x-amz-json-1.1" ::
                          Prelude.ByteString
                      )
          ]
      )

instance Core.ToJSON PutPermissionPolicy where
  toJSON :: PutPermissionPolicy -> Value
toJSON PutPermissionPolicy' {Text
policy :: Text
resourceArn :: Text
$sel:policy:PutPermissionPolicy' :: PutPermissionPolicy -> Text
$sel:resourceArn:PutPermissionPolicy' :: PutPermissionPolicy -> Text
..} =
    [Pair] -> Value
Core.object
      ( [Maybe Pair] -> [Pair]
forall a. [Maybe a] -> [a]
Prelude.catMaybes
          [ Pair -> Maybe Pair
forall a. a -> Maybe a
Prelude.Just (Text
"ResourceArn" Text -> Text -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..= Text
resourceArn),
            Pair -> Maybe Pair
forall a. a -> Maybe a
Prelude.Just (Text
"Policy" Text -> Text -> Pair
forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv
Core..= Text
policy)
          ]
      )

instance Core.ToPath PutPermissionPolicy where
  toPath :: PutPermissionPolicy -> ByteString
toPath = ByteString -> PutPermissionPolicy -> ByteString
forall a b. a -> b -> a
Prelude.const ByteString
"/"

instance Core.ToQuery PutPermissionPolicy where
  toQuery :: PutPermissionPolicy -> QueryString
toQuery = QueryString -> PutPermissionPolicy -> QueryString
forall a b. a -> b -> a
Prelude.const QueryString
forall a. Monoid a => a
Prelude.mempty

-- | /See:/ 'newPutPermissionPolicyResponse' smart constructor.
data PutPermissionPolicyResponse = PutPermissionPolicyResponse'
  { -- | The response's http status code.
    PutPermissionPolicyResponse -> Int
httpStatus :: Prelude.Int
  }
  deriving (PutPermissionPolicyResponse -> PutPermissionPolicyResponse -> Bool
(PutPermissionPolicyResponse
 -> PutPermissionPolicyResponse -> Bool)
-> (PutPermissionPolicyResponse
    -> PutPermissionPolicyResponse -> Bool)
-> Eq PutPermissionPolicyResponse
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: PutPermissionPolicyResponse -> PutPermissionPolicyResponse -> Bool
$c/= :: PutPermissionPolicyResponse -> PutPermissionPolicyResponse -> Bool
== :: PutPermissionPolicyResponse -> PutPermissionPolicyResponse -> Bool
$c== :: PutPermissionPolicyResponse -> PutPermissionPolicyResponse -> Bool
Prelude.Eq, ReadPrec [PutPermissionPolicyResponse]
ReadPrec PutPermissionPolicyResponse
Int -> ReadS PutPermissionPolicyResponse
ReadS [PutPermissionPolicyResponse]
(Int -> ReadS PutPermissionPolicyResponse)
-> ReadS [PutPermissionPolicyResponse]
-> ReadPrec PutPermissionPolicyResponse
-> ReadPrec [PutPermissionPolicyResponse]
-> Read PutPermissionPolicyResponse
forall a.
(Int -> ReadS a)
-> ReadS [a] -> ReadPrec a -> ReadPrec [a] -> Read a
readListPrec :: ReadPrec [PutPermissionPolicyResponse]
$creadListPrec :: ReadPrec [PutPermissionPolicyResponse]
readPrec :: ReadPrec PutPermissionPolicyResponse
$creadPrec :: ReadPrec PutPermissionPolicyResponse
readList :: ReadS [PutPermissionPolicyResponse]
$creadList :: ReadS [PutPermissionPolicyResponse]
readsPrec :: Int -> ReadS PutPermissionPolicyResponse
$creadsPrec :: Int -> ReadS PutPermissionPolicyResponse
Prelude.Read, Int -> PutPermissionPolicyResponse -> ShowS
[PutPermissionPolicyResponse] -> ShowS
PutPermissionPolicyResponse -> String
(Int -> PutPermissionPolicyResponse -> ShowS)
-> (PutPermissionPolicyResponse -> String)
-> ([PutPermissionPolicyResponse] -> ShowS)
-> Show PutPermissionPolicyResponse
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [PutPermissionPolicyResponse] -> ShowS
$cshowList :: [PutPermissionPolicyResponse] -> ShowS
show :: PutPermissionPolicyResponse -> String
$cshow :: PutPermissionPolicyResponse -> String
showsPrec :: Int -> PutPermissionPolicyResponse -> ShowS
$cshowsPrec :: Int -> PutPermissionPolicyResponse -> ShowS
Prelude.Show, (forall x.
 PutPermissionPolicyResponse -> Rep PutPermissionPolicyResponse x)
-> (forall x.
    Rep PutPermissionPolicyResponse x -> PutPermissionPolicyResponse)
-> Generic PutPermissionPolicyResponse
forall x.
Rep PutPermissionPolicyResponse x -> PutPermissionPolicyResponse
forall x.
PutPermissionPolicyResponse -> Rep PutPermissionPolicyResponse x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x.
Rep PutPermissionPolicyResponse x -> PutPermissionPolicyResponse
$cfrom :: forall x.
PutPermissionPolicyResponse -> Rep PutPermissionPolicyResponse x
Prelude.Generic)

-- |
-- Create a value of 'PutPermissionPolicyResponse' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'httpStatus', 'putPermissionPolicyResponse_httpStatus' - The response's http status code.
newPutPermissionPolicyResponse ::
  -- | 'httpStatus'
  Prelude.Int ->
  PutPermissionPolicyResponse
newPutPermissionPolicyResponse :: Int -> PutPermissionPolicyResponse
newPutPermissionPolicyResponse Int
pHttpStatus_ =
  PutPermissionPolicyResponse' :: Int -> PutPermissionPolicyResponse
PutPermissionPolicyResponse'
    { $sel:httpStatus:PutPermissionPolicyResponse' :: Int
httpStatus =
        Int
pHttpStatus_
    }

-- | The response's http status code.
putPermissionPolicyResponse_httpStatus :: Lens.Lens' PutPermissionPolicyResponse Prelude.Int
putPermissionPolicyResponse_httpStatus :: (Int -> f Int)
-> PutPermissionPolicyResponse -> f PutPermissionPolicyResponse
putPermissionPolicyResponse_httpStatus = (PutPermissionPolicyResponse -> Int)
-> (PutPermissionPolicyResponse
    -> Int -> PutPermissionPolicyResponse)
-> Lens
     PutPermissionPolicyResponse PutPermissionPolicyResponse Int Int
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\PutPermissionPolicyResponse' {Int
httpStatus :: Int
$sel:httpStatus:PutPermissionPolicyResponse' :: PutPermissionPolicyResponse -> Int
httpStatus} -> Int
httpStatus) (\s :: PutPermissionPolicyResponse
s@PutPermissionPolicyResponse' {} Int
a -> PutPermissionPolicyResponse
s {$sel:httpStatus:PutPermissionPolicyResponse' :: Int
httpStatus = Int
a} :: PutPermissionPolicyResponse)

instance Prelude.NFData PutPermissionPolicyResponse