{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE TypeFamilies #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-binds #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.NetworkFirewall.PutResourcePolicy
-- Copyright   : (c) 2013-2023 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
--
-- Creates or updates an IAM policy for your rule group or firewall policy.
-- Use this to share rule groups and firewall policies between accounts.
-- This operation works in conjunction with the Amazon Web Services
-- Resource Access Manager (RAM) service to manage resource sharing for
-- Network Firewall.
--
-- Use this operation to create or update a resource policy for your rule
-- group or firewall policy. In the policy, you specify the accounts that
-- you want to share the resource with and the operations that you want the
-- accounts to be able to perform.
--
-- When you add an account in the resource policy, you then run the
-- following Resource Access Manager (RAM) operations to access and accept
-- the shared rule group or firewall policy.
--
-- -   <https://docs.aws.amazon.com/ram/latest/APIReference/API_GetResourceShareInvitations.html GetResourceShareInvitations>
--     - Returns the Amazon Resource Names (ARNs) of the resource share
--     invitations.
--
-- -   <https://docs.aws.amazon.com/ram/latest/APIReference/API_AcceptResourceShareInvitation.html AcceptResourceShareInvitation>
--     - Accepts the share invitation for a specified resource share.
--
-- For additional information about resource sharing using RAM, see
-- <https://docs.aws.amazon.com/ram/latest/userguide/what-is.html Resource Access Manager User Guide>.
module Amazonka.NetworkFirewall.PutResourcePolicy
  ( -- * Creating a Request
    PutResourcePolicy (..),
    newPutResourcePolicy,

    -- * Request Lenses
    putResourcePolicy_resourceArn,
    putResourcePolicy_policy,

    -- * Destructuring the Response
    PutResourcePolicyResponse (..),
    newPutResourcePolicyResponse,

    -- * Response Lenses
    putResourcePolicyResponse_httpStatus,
  )
where

import qualified Amazonka.Core as Core
import qualified Amazonka.Core.Lens.Internal as Lens
import qualified Amazonka.Data as Data
import Amazonka.NetworkFirewall.Types
import qualified Amazonka.Prelude as Prelude
import qualified Amazonka.Request as Request
import qualified Amazonka.Response as Response

-- | /See:/ 'newPutResourcePolicy' smart constructor.
data PutResourcePolicy = PutResourcePolicy'
  { -- | The Amazon Resource Name (ARN) of the account that you want to share
    -- rule groups and firewall policies with.
    PutResourcePolicy -> Text
resourceArn :: Prelude.Text,
    -- | The IAM policy statement that lists the accounts that you want to share
    -- your rule group or firewall policy with and the operations that you want
    -- the accounts to be able to perform.
    --
    -- For a rule group resource, you can specify the following operations in
    -- the Actions section of the statement:
    --
    -- -   network-firewall:CreateFirewallPolicy
    --
    -- -   network-firewall:UpdateFirewallPolicy
    --
    -- -   network-firewall:ListRuleGroups
    --
    -- For a firewall policy resource, you can specify the following operations
    -- in the Actions section of the statement:
    --
    -- -   network-firewall:CreateFirewall
    --
    -- -   network-firewall:UpdateFirewall
    --
    -- -   network-firewall:AssociateFirewallPolicy
    --
    -- -   network-firewall:ListFirewallPolicies
    --
    -- In the Resource section of the statement, you specify the ARNs for the
    -- rule groups and firewall policies that you want to share with the
    -- account that you specified in @Arn@.
    PutResourcePolicy -> Text
policy :: Prelude.Text
  }
  deriving (PutResourcePolicy -> PutResourcePolicy -> Bool
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: PutResourcePolicy -> PutResourcePolicy -> Bool
$c/= :: PutResourcePolicy -> PutResourcePolicy -> Bool
== :: PutResourcePolicy -> PutResourcePolicy -> Bool
$c== :: PutResourcePolicy -> PutResourcePolicy -> Bool
Prelude.Eq, ReadPrec [PutResourcePolicy]
ReadPrec PutResourcePolicy
Int -> ReadS PutResourcePolicy
ReadS [PutResourcePolicy]
forall a.
(Int -> ReadS a)
-> ReadS [a] -> ReadPrec a -> ReadPrec [a] -> Read a
readListPrec :: ReadPrec [PutResourcePolicy]
$creadListPrec :: ReadPrec [PutResourcePolicy]
readPrec :: ReadPrec PutResourcePolicy
$creadPrec :: ReadPrec PutResourcePolicy
readList :: ReadS [PutResourcePolicy]
$creadList :: ReadS [PutResourcePolicy]
readsPrec :: Int -> ReadS PutResourcePolicy
$creadsPrec :: Int -> ReadS PutResourcePolicy
Prelude.Read, Int -> PutResourcePolicy -> ShowS
[PutResourcePolicy] -> ShowS
PutResourcePolicy -> String
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [PutResourcePolicy] -> ShowS
$cshowList :: [PutResourcePolicy] -> ShowS
show :: PutResourcePolicy -> String
$cshow :: PutResourcePolicy -> String
showsPrec :: Int -> PutResourcePolicy -> ShowS
$cshowsPrec :: Int -> PutResourcePolicy -> ShowS
Prelude.Show, forall x. Rep PutResourcePolicy x -> PutResourcePolicy
forall x. PutResourcePolicy -> Rep PutResourcePolicy x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x. Rep PutResourcePolicy x -> PutResourcePolicy
$cfrom :: forall x. PutResourcePolicy -> Rep PutResourcePolicy x
Prelude.Generic)

-- |
-- Create a value of 'PutResourcePolicy' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'resourceArn', 'putResourcePolicy_resourceArn' - The Amazon Resource Name (ARN) of the account that you want to share
-- rule groups and firewall policies with.
--
-- 'policy', 'putResourcePolicy_policy' - The IAM policy statement that lists the accounts that you want to share
-- your rule group or firewall policy with and the operations that you want
-- the accounts to be able to perform.
--
-- For a rule group resource, you can specify the following operations in
-- the Actions section of the statement:
--
-- -   network-firewall:CreateFirewallPolicy
--
-- -   network-firewall:UpdateFirewallPolicy
--
-- -   network-firewall:ListRuleGroups
--
-- For a firewall policy resource, you can specify the following operations
-- in the Actions section of the statement:
--
-- -   network-firewall:CreateFirewall
--
-- -   network-firewall:UpdateFirewall
--
-- -   network-firewall:AssociateFirewallPolicy
--
-- -   network-firewall:ListFirewallPolicies
--
-- In the Resource section of the statement, you specify the ARNs for the
-- rule groups and firewall policies that you want to share with the
-- account that you specified in @Arn@.
newPutResourcePolicy ::
  -- | 'resourceArn'
  Prelude.Text ->
  -- | 'policy'
  Prelude.Text ->
  PutResourcePolicy
newPutResourcePolicy :: Text -> Text -> PutResourcePolicy
newPutResourcePolicy Text
pResourceArn_ Text
pPolicy_ =
  PutResourcePolicy'
    { $sel:resourceArn:PutResourcePolicy' :: Text
resourceArn = Text
pResourceArn_,
      $sel:policy:PutResourcePolicy' :: Text
policy = Text
pPolicy_
    }

-- | The Amazon Resource Name (ARN) of the account that you want to share
-- rule groups and firewall policies with.
putResourcePolicy_resourceArn :: Lens.Lens' PutResourcePolicy Prelude.Text
putResourcePolicy_resourceArn :: Lens' PutResourcePolicy Text
putResourcePolicy_resourceArn = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\PutResourcePolicy' {Text
resourceArn :: Text
$sel:resourceArn:PutResourcePolicy' :: PutResourcePolicy -> Text
resourceArn} -> Text
resourceArn) (\s :: PutResourcePolicy
s@PutResourcePolicy' {} Text
a -> PutResourcePolicy
s {$sel:resourceArn:PutResourcePolicy' :: Text
resourceArn = Text
a} :: PutResourcePolicy)

-- | The IAM policy statement that lists the accounts that you want to share
-- your rule group or firewall policy with and the operations that you want
-- the accounts to be able to perform.
--
-- For a rule group resource, you can specify the following operations in
-- the Actions section of the statement:
--
-- -   network-firewall:CreateFirewallPolicy
--
-- -   network-firewall:UpdateFirewallPolicy
--
-- -   network-firewall:ListRuleGroups
--
-- For a firewall policy resource, you can specify the following operations
-- in the Actions section of the statement:
--
-- -   network-firewall:CreateFirewall
--
-- -   network-firewall:UpdateFirewall
--
-- -   network-firewall:AssociateFirewallPolicy
--
-- -   network-firewall:ListFirewallPolicies
--
-- In the Resource section of the statement, you specify the ARNs for the
-- rule groups and firewall policies that you want to share with the
-- account that you specified in @Arn@.
putResourcePolicy_policy :: Lens.Lens' PutResourcePolicy Prelude.Text
putResourcePolicy_policy :: Lens' PutResourcePolicy Text
putResourcePolicy_policy = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\PutResourcePolicy' {Text
policy :: Text
$sel:policy:PutResourcePolicy' :: PutResourcePolicy -> Text
policy} -> Text
policy) (\s :: PutResourcePolicy
s@PutResourcePolicy' {} Text
a -> PutResourcePolicy
s {$sel:policy:PutResourcePolicy' :: Text
policy = Text
a} :: PutResourcePolicy)

instance Core.AWSRequest PutResourcePolicy where
  type
    AWSResponse PutResourcePolicy =
      PutResourcePolicyResponse
  request :: (Service -> Service)
-> PutResourcePolicy -> Request PutResourcePolicy
request Service -> Service
overrides =
    forall a. (ToRequest a, ToJSON a) => Service -> a -> Request a
Request.postJSON (Service -> Service
overrides Service
defaultService)
  response :: forall (m :: * -> *).
MonadResource m =>
(ByteStringLazy -> IO ByteStringLazy)
-> Service
-> Proxy PutResourcePolicy
-> ClientResponse ClientBody
-> m (Either
        Error (ClientResponse (AWSResponse PutResourcePolicy)))
response =
    forall (m :: * -> *) a.
MonadResource m =>
(Int -> ResponseHeaders -> () -> Either String (AWSResponse a))
-> (ByteStringLazy -> IO ByteStringLazy)
-> Service
-> Proxy a
-> ClientResponse ClientBody
-> m (Either Error (ClientResponse (AWSResponse a)))
Response.receiveEmpty
      ( \Int
s ResponseHeaders
h ()
x ->
          Int -> PutResourcePolicyResponse
PutResourcePolicyResponse'
            forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> (forall (f :: * -> *) a. Applicative f => a -> f a
Prelude.pure (forall a. Enum a => a -> Int
Prelude.fromEnum Int
s))
      )

instance Prelude.Hashable PutResourcePolicy where
  hashWithSalt :: Int -> PutResourcePolicy -> Int
hashWithSalt Int
_salt PutResourcePolicy' {Text
policy :: Text
resourceArn :: Text
$sel:policy:PutResourcePolicy' :: PutResourcePolicy -> Text
$sel:resourceArn:PutResourcePolicy' :: PutResourcePolicy -> Text
..} =
    Int
_salt
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Text
resourceArn
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Text
policy

instance Prelude.NFData PutResourcePolicy where
  rnf :: PutResourcePolicy -> ()
rnf PutResourcePolicy' {Text
policy :: Text
resourceArn :: Text
$sel:policy:PutResourcePolicy' :: PutResourcePolicy -> Text
$sel:resourceArn:PutResourcePolicy' :: PutResourcePolicy -> Text
..} =
    forall a. NFData a => a -> ()
Prelude.rnf Text
resourceArn
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf Text
policy

instance Data.ToHeaders PutResourcePolicy where
  toHeaders :: PutResourcePolicy -> ResponseHeaders
toHeaders =
    forall a b. a -> b -> a
Prelude.const
      ( forall a. Monoid a => [a] -> a
Prelude.mconcat
          [ HeaderName
"X-Amz-Target"
              forall a. ToHeader a => HeaderName -> a -> ResponseHeaders
Data.=# ( ByteString
"NetworkFirewall_20201112.PutResourcePolicy" ::
                          Prelude.ByteString
                      ),
            HeaderName
"Content-Type"
              forall a. ToHeader a => HeaderName -> a -> ResponseHeaders
Data.=# ( ByteString
"application/x-amz-json-1.0" ::
                          Prelude.ByteString
                      )
          ]
      )

instance Data.ToJSON PutResourcePolicy where
  toJSON :: PutResourcePolicy -> Value
toJSON PutResourcePolicy' {Text
policy :: Text
resourceArn :: Text
$sel:policy:PutResourcePolicy' :: PutResourcePolicy -> Text
$sel:resourceArn:PutResourcePolicy' :: PutResourcePolicy -> Text
..} =
    [Pair] -> Value
Data.object
      ( forall a. [Maybe a] -> [a]
Prelude.catMaybes
          [ forall a. a -> Maybe a
Prelude.Just (Key
"ResourceArn" forall kv v. (KeyValue kv, ToJSON v) => Key -> v -> kv
Data..= Text
resourceArn),
            forall a. a -> Maybe a
Prelude.Just (Key
"Policy" forall kv v. (KeyValue kv, ToJSON v) => Key -> v -> kv
Data..= Text
policy)
          ]
      )

instance Data.ToPath PutResourcePolicy where
  toPath :: PutResourcePolicy -> ByteString
toPath = forall a b. a -> b -> a
Prelude.const ByteString
"/"

instance Data.ToQuery PutResourcePolicy where
  toQuery :: PutResourcePolicy -> QueryString
toQuery = forall a b. a -> b -> a
Prelude.const forall a. Monoid a => a
Prelude.mempty

-- | /See:/ 'newPutResourcePolicyResponse' smart constructor.
data PutResourcePolicyResponse = PutResourcePolicyResponse'
  { -- | The response's http status code.
    PutResourcePolicyResponse -> Int
httpStatus :: Prelude.Int
  }
  deriving (PutResourcePolicyResponse -> PutResourcePolicyResponse -> Bool
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: PutResourcePolicyResponse -> PutResourcePolicyResponse -> Bool
$c/= :: PutResourcePolicyResponse -> PutResourcePolicyResponse -> Bool
== :: PutResourcePolicyResponse -> PutResourcePolicyResponse -> Bool
$c== :: PutResourcePolicyResponse -> PutResourcePolicyResponse -> Bool
Prelude.Eq, ReadPrec [PutResourcePolicyResponse]
ReadPrec PutResourcePolicyResponse
Int -> ReadS PutResourcePolicyResponse
ReadS [PutResourcePolicyResponse]
forall a.
(Int -> ReadS a)
-> ReadS [a] -> ReadPrec a -> ReadPrec [a] -> Read a
readListPrec :: ReadPrec [PutResourcePolicyResponse]
$creadListPrec :: ReadPrec [PutResourcePolicyResponse]
readPrec :: ReadPrec PutResourcePolicyResponse
$creadPrec :: ReadPrec PutResourcePolicyResponse
readList :: ReadS [PutResourcePolicyResponse]
$creadList :: ReadS [PutResourcePolicyResponse]
readsPrec :: Int -> ReadS PutResourcePolicyResponse
$creadsPrec :: Int -> ReadS PutResourcePolicyResponse
Prelude.Read, Int -> PutResourcePolicyResponse -> ShowS
[PutResourcePolicyResponse] -> ShowS
PutResourcePolicyResponse -> String
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [PutResourcePolicyResponse] -> ShowS
$cshowList :: [PutResourcePolicyResponse] -> ShowS
show :: PutResourcePolicyResponse -> String
$cshow :: PutResourcePolicyResponse -> String
showsPrec :: Int -> PutResourcePolicyResponse -> ShowS
$cshowsPrec :: Int -> PutResourcePolicyResponse -> ShowS
Prelude.Show, forall x.
Rep PutResourcePolicyResponse x -> PutResourcePolicyResponse
forall x.
PutResourcePolicyResponse -> Rep PutResourcePolicyResponse x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x.
Rep PutResourcePolicyResponse x -> PutResourcePolicyResponse
$cfrom :: forall x.
PutResourcePolicyResponse -> Rep PutResourcePolicyResponse x
Prelude.Generic)

-- |
-- Create a value of 'PutResourcePolicyResponse' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'httpStatus', 'putResourcePolicyResponse_httpStatus' - The response's http status code.
newPutResourcePolicyResponse ::
  -- | 'httpStatus'
  Prelude.Int ->
  PutResourcePolicyResponse
newPutResourcePolicyResponse :: Int -> PutResourcePolicyResponse
newPutResourcePolicyResponse Int
pHttpStatus_ =
  PutResourcePolicyResponse'
    { $sel:httpStatus:PutResourcePolicyResponse' :: Int
httpStatus =
        Int
pHttpStatus_
    }

-- | The response's http status code.
putResourcePolicyResponse_httpStatus :: Lens.Lens' PutResourcePolicyResponse Prelude.Int
putResourcePolicyResponse_httpStatus :: Lens' PutResourcePolicyResponse Int
putResourcePolicyResponse_httpStatus = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\PutResourcePolicyResponse' {Int
httpStatus :: Int
$sel:httpStatus:PutResourcePolicyResponse' :: PutResourcePolicyResponse -> Int
httpStatus} -> Int
httpStatus) (\s :: PutResourcePolicyResponse
s@PutResourcePolicyResponse' {} Int
a -> PutResourcePolicyResponse
s {$sel:httpStatus:PutResourcePolicyResponse' :: Int
httpStatus = Int
a} :: PutResourcePolicyResponse)

instance Prelude.NFData PutResourcePolicyResponse where
  rnf :: PutResourcePolicyResponse -> ()
rnf PutResourcePolicyResponse' {Int
httpStatus :: Int
$sel:httpStatus:PutResourcePolicyResponse' :: PutResourcePolicyResponse -> Int
..} =
    forall a. NFData a => a -> ()
Prelude.rnf Int
httpStatus