{-# LANGUAGE DeriveDataTypeable #-}
{-# LANGUAGE DeriveGeneric      #-}
{-# LANGUAGE OverloadedStrings  #-}
{-# LANGUAGE RecordWildCards    #-}
{-# LANGUAGE TypeFamilies       #-}

{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Network.AWS.RDS.AuthorizeDBSecurityGroupIngress
-- Copyright   : (c) 2013-2015 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
--
-- Enables ingress to a DBSecurityGroup using one of two forms of
-- authorization. First, EC2 or VPC security groups can be added to the
-- DBSecurityGroup if the application using the database is running on EC2
-- or VPC instances. Second, IP ranges are available if the application
-- accessing your database is running on the Internet. Required parameters
-- for this API are one of CIDR range, EC2SecurityGroupId for VPC, or
-- (EC2SecurityGroupOwnerId and either EC2SecurityGroupName or
-- EC2SecurityGroupId for non-VPC).
--
-- You cannot authorize ingress from an EC2 security group in one region to
-- an Amazon RDS DB instance in another. You cannot authorize ingress from
-- a VPC security group in one VPC to an Amazon RDS DB instance in another.
--
-- For an overview of CIDR ranges, go to the
-- <http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing Wikipedia Tutorial>.
--
-- /See:/ <http://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_AuthorizeDBSecurityGroupIngress.html AWS API Reference> for AuthorizeDBSecurityGroupIngress.
module Network.AWS.RDS.AuthorizeDBSecurityGroupIngress
    (
    -- * Creating a Request
      authorizeDBSecurityGroupIngress
    , AuthorizeDBSecurityGroupIngress
    -- * Request Lenses
    , adsgiEC2SecurityGroupOwnerId
    , adsgiEC2SecurityGroupName
    , adsgiCIdRIP
    , adsgiEC2SecurityGroupId
    , adsgiDBSecurityGroupName

    -- * Destructuring the Response
    , authorizeDBSecurityGroupIngressResponse
    , AuthorizeDBSecurityGroupIngressResponse
    -- * Response Lenses
    , adsgirsDBSecurityGroup
    , adsgirsResponseStatus
    ) where

import           Network.AWS.Prelude
import           Network.AWS.RDS.Types
import           Network.AWS.RDS.Types.Product
import           Network.AWS.Request
import           Network.AWS.Response

-- |
--
-- /See:/ 'authorizeDBSecurityGroupIngress' smart constructor.
data AuthorizeDBSecurityGroupIngress = AuthorizeDBSecurityGroupIngress'
    { _adsgiEC2SecurityGroupOwnerId :: !(Maybe Text)
    , _adsgiEC2SecurityGroupName    :: !(Maybe Text)
    , _adsgiCIdRIP                  :: !(Maybe Text)
    , _adsgiEC2SecurityGroupId      :: !(Maybe Text)
    , _adsgiDBSecurityGroupName     :: !Text
    } deriving (Eq,Read,Show,Data,Typeable,Generic)

-- | Creates a value of 'AuthorizeDBSecurityGroupIngress' with the minimum fields required to make a request.
--
-- Use one of the following lenses to modify other fields as desired:
--
-- * 'adsgiEC2SecurityGroupOwnerId'
--
-- * 'adsgiEC2SecurityGroupName'
--
-- * 'adsgiCIdRIP'
--
-- * 'adsgiEC2SecurityGroupId'
--
-- * 'adsgiDBSecurityGroupName'
authorizeDBSecurityGroupIngress
    :: Text -- ^ 'adsgiDBSecurityGroupName'
    -> AuthorizeDBSecurityGroupIngress
authorizeDBSecurityGroupIngress pDBSecurityGroupName_ =
    AuthorizeDBSecurityGroupIngress'
    { _adsgiEC2SecurityGroupOwnerId = Nothing
    , _adsgiEC2SecurityGroupName = Nothing
    , _adsgiCIdRIP = Nothing
    , _adsgiEC2SecurityGroupId = Nothing
    , _adsgiDBSecurityGroupName = pDBSecurityGroupName_
    }

-- | AWS account number of the owner of the EC2 security group specified in
-- the 'EC2SecurityGroupName' parameter. The AWS Access Key ID is not an
-- acceptable value. For VPC DB security groups, 'EC2SecurityGroupId' must
-- be provided. Otherwise, 'EC2SecurityGroupOwnerId' and either
-- 'EC2SecurityGroupName' or 'EC2SecurityGroupId' must be provided.
adsgiEC2SecurityGroupOwnerId :: Lens' AuthorizeDBSecurityGroupIngress (Maybe Text)
adsgiEC2SecurityGroupOwnerId = lens _adsgiEC2SecurityGroupOwnerId (\ s a -> s{_adsgiEC2SecurityGroupOwnerId = a});

-- | Name of the EC2 security group to authorize. For VPC DB security groups,
-- 'EC2SecurityGroupId' must be provided. Otherwise,
-- 'EC2SecurityGroupOwnerId' and either 'EC2SecurityGroupName' or
-- 'EC2SecurityGroupId' must be provided.
adsgiEC2SecurityGroupName :: Lens' AuthorizeDBSecurityGroupIngress (Maybe Text)
adsgiEC2SecurityGroupName = lens _adsgiEC2SecurityGroupName (\ s a -> s{_adsgiEC2SecurityGroupName = a});

-- | The IP range to authorize.
adsgiCIdRIP :: Lens' AuthorizeDBSecurityGroupIngress (Maybe Text)
adsgiCIdRIP = lens _adsgiCIdRIP (\ s a -> s{_adsgiCIdRIP = a});

-- | Id of the EC2 security group to authorize. For VPC DB security groups,
-- 'EC2SecurityGroupId' must be provided. Otherwise,
-- 'EC2SecurityGroupOwnerId' and either 'EC2SecurityGroupName' or
-- 'EC2SecurityGroupId' must be provided.
adsgiEC2SecurityGroupId :: Lens' AuthorizeDBSecurityGroupIngress (Maybe Text)
adsgiEC2SecurityGroupId = lens _adsgiEC2SecurityGroupId (\ s a -> s{_adsgiEC2SecurityGroupId = a});

-- | The name of the DB security group to add authorization to.
adsgiDBSecurityGroupName :: Lens' AuthorizeDBSecurityGroupIngress Text
adsgiDBSecurityGroupName = lens _adsgiDBSecurityGroupName (\ s a -> s{_adsgiDBSecurityGroupName = a});

instance AWSRequest AuthorizeDBSecurityGroupIngress
         where
        type Rs AuthorizeDBSecurityGroupIngress =
             AuthorizeDBSecurityGroupIngressResponse
        request = postQuery rDS
        response
          = receiveXMLWrapper
              "AuthorizeDBSecurityGroupIngressResult"
              (\ s h x ->
                 AuthorizeDBSecurityGroupIngressResponse' <$>
                   (x .@? "DBSecurityGroup") <*> (pure (fromEnum s)))

instance ToHeaders AuthorizeDBSecurityGroupIngress
         where
        toHeaders = const mempty

instance ToPath AuthorizeDBSecurityGroupIngress where
        toPath = const "/"

instance ToQuery AuthorizeDBSecurityGroupIngress
         where
        toQuery AuthorizeDBSecurityGroupIngress'{..}
          = mconcat
              ["Action" =:
                 ("AuthorizeDBSecurityGroupIngress" :: ByteString),
               "Version" =: ("2014-10-31" :: ByteString),
               "EC2SecurityGroupOwnerId" =:
                 _adsgiEC2SecurityGroupOwnerId,
               "EC2SecurityGroupName" =: _adsgiEC2SecurityGroupName,
               "CIDRIP" =: _adsgiCIdRIP,
               "EC2SecurityGroupId" =: _adsgiEC2SecurityGroupId,
               "DBSecurityGroupName" =: _adsgiDBSecurityGroupName]

-- | /See:/ 'authorizeDBSecurityGroupIngressResponse' smart constructor.
data AuthorizeDBSecurityGroupIngressResponse = AuthorizeDBSecurityGroupIngressResponse'
    { _adsgirsDBSecurityGroup :: !(Maybe DBSecurityGroup)
    , _adsgirsResponseStatus  :: !Int
    } deriving (Eq,Read,Show,Data,Typeable,Generic)

-- | Creates a value of 'AuthorizeDBSecurityGroupIngressResponse' with the minimum fields required to make a request.
--
-- Use one of the following lenses to modify other fields as desired:
--
-- * 'adsgirsDBSecurityGroup'
--
-- * 'adsgirsResponseStatus'
authorizeDBSecurityGroupIngressResponse
    :: Int -- ^ 'adsgirsResponseStatus'
    -> AuthorizeDBSecurityGroupIngressResponse
authorizeDBSecurityGroupIngressResponse pResponseStatus_ =
    AuthorizeDBSecurityGroupIngressResponse'
    { _adsgirsDBSecurityGroup = Nothing
    , _adsgirsResponseStatus = pResponseStatus_
    }

-- | Undocumented member.
adsgirsDBSecurityGroup :: Lens' AuthorizeDBSecurityGroupIngressResponse (Maybe DBSecurityGroup)
adsgirsDBSecurityGroup = lens _adsgirsDBSecurityGroup (\ s a -> s{_adsgirsDBSecurityGroup = a});

-- | The response status code.
adsgirsResponseStatus :: Lens' AuthorizeDBSecurityGroupIngressResponse Int
adsgirsResponseStatus = lens _adsgirsResponseStatus (\ s a -> s{_adsgirsResponseStatus = a});