{-# LANGUAGE DeriveDataTypeable #-}
{-# LANGUAGE DeriveGeneric      #-}
{-# LANGUAGE OverloadedStrings  #-}
{-# LANGUAGE RecordWildCards    #-}
{-# LANGUAGE TypeFamilies       #-}

{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Network.AWS.EC2.AuthorizeSecurityGroupIngress
-- Copyright   : (c) 2013-2016 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
--
-- Adds one or more ingress rules to a security group.
--
-- EC2-Classic: You can have up to 100 rules per group.
--
-- EC2-VPC: You can have up to 50 rules per group (covering both ingress
-- and egress rules).
--
-- Rule changes are propagated to instances within the security group as
-- quickly as possible. However, a small delay might occur.
--
-- [EC2-Classic] This action gives one or more CIDR IP address ranges
-- permission to access a security group in your account, or gives one or
-- more security groups (called the /source groups/) permission to access a
-- security group for your account. A source group can be for your own AWS
-- account, or another.
--
-- [EC2-VPC] This action gives one or more CIDR IP address ranges
-- permission to access a security group in your VPC, or gives one or more
-- other security groups (called the /source groups/) permission to access
-- a security group for your VPC. The security groups must all be for the
-- same VPC.
module Network.AWS.EC2.AuthorizeSecurityGroupIngress
    (
    -- * Creating a Request
      authorizeSecurityGroupIngress
    , AuthorizeSecurityGroupIngress
    -- * Request Lenses
    , asgiFromPort
    , asgiIPPermissions
    , asgiIPProtocol
    , asgiGroupId
    , asgiToPort
    , asgiCIdRIP
    , asgiSourceSecurityGroupOwnerId
    , asgiGroupName
    , asgiSourceSecurityGroupName
    , asgiDryRun

    -- * Destructuring the Response
    , authorizeSecurityGroupIngressResponse
    , AuthorizeSecurityGroupIngressResponse
    ) where

import           Network.AWS.EC2.Types
import           Network.AWS.EC2.Types.Product
import           Network.AWS.Lens
import           Network.AWS.Prelude
import           Network.AWS.Request
import           Network.AWS.Response

-- | Contains the parameters for AuthorizeSecurityGroupIngress.
--
-- /See:/ 'authorizeSecurityGroupIngress' smart constructor.
data AuthorizeSecurityGroupIngress = AuthorizeSecurityGroupIngress'
    { _asgiFromPort                   :: !(Maybe Int)
    , _asgiIPPermissions              :: !(Maybe [IPPermission])
    , _asgiIPProtocol                 :: !(Maybe Text)
    , _asgiGroupId                    :: !(Maybe Text)
    , _asgiToPort                     :: !(Maybe Int)
    , _asgiCIdRIP                     :: !(Maybe Text)
    , _asgiSourceSecurityGroupOwnerId :: !(Maybe Text)
    , _asgiGroupName                  :: !(Maybe Text)
    , _asgiSourceSecurityGroupName    :: !(Maybe Text)
    , _asgiDryRun                     :: !(Maybe Bool)
    } deriving (Eq,Read,Show,Data,Typeable,Generic)

-- | Creates a value of 'AuthorizeSecurityGroupIngress' with the minimum fields required to make a request.
--
-- Use one of the following lenses to modify other fields as desired:
--
-- * 'asgiFromPort'
--
-- * 'asgiIPPermissions'
--
-- * 'asgiIPProtocol'
--
-- * 'asgiGroupId'
--
-- * 'asgiToPort'
--
-- * 'asgiCIdRIP'
--
-- * 'asgiSourceSecurityGroupOwnerId'
--
-- * 'asgiGroupName'
--
-- * 'asgiSourceSecurityGroupName'
--
-- * 'asgiDryRun'
authorizeSecurityGroupIngress
    :: AuthorizeSecurityGroupIngress
authorizeSecurityGroupIngress =
    AuthorizeSecurityGroupIngress'
    { _asgiFromPort = Nothing
    , _asgiIPPermissions = Nothing
    , _asgiIPProtocol = Nothing
    , _asgiGroupId = Nothing
    , _asgiToPort = Nothing
    , _asgiCIdRIP = Nothing
    , _asgiSourceSecurityGroupOwnerId = Nothing
    , _asgiGroupName = Nothing
    , _asgiSourceSecurityGroupName = Nothing
    , _asgiDryRun = Nothing
    }

-- | The start of port range for the TCP and UDP protocols, or an ICMP type
-- number. For the ICMP type number, use '-1' to specify all ICMP types.
asgiFromPort :: Lens' AuthorizeSecurityGroupIngress (Maybe Int)
asgiFromPort = lens _asgiFromPort (\ s a -> s{_asgiFromPort = a});

-- | A set of IP permissions. Can be used to specify multiple rules in a
-- single command.
asgiIPPermissions :: Lens' AuthorizeSecurityGroupIngress [IPPermission]
asgiIPPermissions = lens _asgiIPPermissions (\ s a -> s{_asgiIPPermissions = a}) . _Default . _Coerce;

-- | The IP protocol name ('tcp', 'udp', 'icmp') or number (see
-- <http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml Protocol Numbers>).
-- (VPC only) Use '-1' to specify all.
asgiIPProtocol :: Lens' AuthorizeSecurityGroupIngress (Maybe Text)
asgiIPProtocol = lens _asgiIPProtocol (\ s a -> s{_asgiIPProtocol = a});

-- | The ID of the security group. Required for a nondefault VPC.
asgiGroupId :: Lens' AuthorizeSecurityGroupIngress (Maybe Text)
asgiGroupId = lens _asgiGroupId (\ s a -> s{_asgiGroupId = a});

-- | The end of port range for the TCP and UDP protocols, or an ICMP code
-- number. For the ICMP code number, use '-1' to specify all ICMP codes for
-- the ICMP type.
asgiToPort :: Lens' AuthorizeSecurityGroupIngress (Maybe Int)
asgiToPort = lens _asgiToPort (\ s a -> s{_asgiToPort = a});

-- | The CIDR IP address range. You can\'t specify this parameter when
-- specifying a source security group.
asgiCIdRIP :: Lens' AuthorizeSecurityGroupIngress (Maybe Text)
asgiCIdRIP = lens _asgiCIdRIP (\ s a -> s{_asgiCIdRIP = a});

-- | [EC2-Classic] The AWS account number for the source security group, if
-- the source security group is in a different account. You can\'t specify
-- this parameter in combination with the following parameters: the CIDR IP
-- address range, the IP protocol, the start of the port range, and the end
-- of the port range. Creates rules that grant full ICMP, UDP, and TCP
-- access. To create a rule with a specific IP protocol and port range, use
-- a set of IP permissions instead.
asgiSourceSecurityGroupOwnerId :: Lens' AuthorizeSecurityGroupIngress (Maybe Text)
asgiSourceSecurityGroupOwnerId = lens _asgiSourceSecurityGroupOwnerId (\ s a -> s{_asgiSourceSecurityGroupOwnerId = a});

-- | [EC2-Classic, default VPC] The name of the security group.
asgiGroupName :: Lens' AuthorizeSecurityGroupIngress (Maybe Text)
asgiGroupName = lens _asgiGroupName (\ s a -> s{_asgiGroupName = a});

-- | [EC2-Classic, default VPC] The name of the source security group. You
-- can\'t specify this parameter in combination with the following
-- parameters: the CIDR IP address range, the start of the port range, the
-- IP protocol, and the end of the port range. Creates rules that grant
-- full ICMP, UDP, and TCP access. To create a rule with a specific IP
-- protocol and port range, use a set of IP permissions instead. For
-- EC2-VPC, the source security group must be in the same VPC.
asgiSourceSecurityGroupName :: Lens' AuthorizeSecurityGroupIngress (Maybe Text)
asgiSourceSecurityGroupName = lens _asgiSourceSecurityGroupName (\ s a -> s{_asgiSourceSecurityGroupName = a});

-- | Checks whether you have the required permissions for the action, without
-- actually making the request, and provides an error response. If you have
-- the required permissions, the error response is 'DryRunOperation'.
-- Otherwise, it is 'UnauthorizedOperation'.
asgiDryRun :: Lens' AuthorizeSecurityGroupIngress (Maybe Bool)
asgiDryRun = lens _asgiDryRun (\ s a -> s{_asgiDryRun = a});

instance AWSRequest AuthorizeSecurityGroupIngress
         where
        type Rs AuthorizeSecurityGroupIngress =
             AuthorizeSecurityGroupIngressResponse
        request = postQuery ec2
        response
          = receiveNull AuthorizeSecurityGroupIngressResponse'

instance Hashable AuthorizeSecurityGroupIngress

instance NFData AuthorizeSecurityGroupIngress

instance ToHeaders AuthorizeSecurityGroupIngress
         where
        toHeaders = const mempty

instance ToPath AuthorizeSecurityGroupIngress where
        toPath = const "/"

instance ToQuery AuthorizeSecurityGroupIngress where
        toQuery AuthorizeSecurityGroupIngress'{..}
          = mconcat
              ["Action" =:
                 ("AuthorizeSecurityGroupIngress" :: ByteString),
               "Version" =: ("2015-10-01" :: ByteString),
               "FromPort" =: _asgiFromPort,
               toQuery
                 (toQueryList "IpPermissions" <$> _asgiIPPermissions),
               "IpProtocol" =: _asgiIPProtocol,
               "GroupId" =: _asgiGroupId, "ToPort" =: _asgiToPort,
               "CidrIp" =: _asgiCIdRIP,
               "SourceSecurityGroupOwnerId" =:
                 _asgiSourceSecurityGroupOwnerId,
               "GroupName" =: _asgiGroupName,
               "SourceSecurityGroupName" =:
                 _asgiSourceSecurityGroupName,
               "DryRun" =: _asgiDryRun]

-- | /See:/ 'authorizeSecurityGroupIngressResponse' smart constructor.
data AuthorizeSecurityGroupIngressResponse =
    AuthorizeSecurityGroupIngressResponse'
    deriving (Eq,Read,Show,Data,Typeable,Generic)

-- | Creates a value of 'AuthorizeSecurityGroupIngressResponse' with the minimum fields required to make a request.
--
authorizeSecurityGroupIngressResponse
    :: AuthorizeSecurityGroupIngressResponse
authorizeSecurityGroupIngressResponse = AuthorizeSecurityGroupIngressResponse'

instance NFData AuthorizeSecurityGroupIngressResponse