{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.NetworkFirewall.Types.StatefulEngineOptions
-- Copyright   : (c) 2013-2023 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
module Amazonka.NetworkFirewall.Types.StatefulEngineOptions where

import qualified Amazonka.Core as Core
import qualified Amazonka.Core.Lens.Internal as Lens
import qualified Amazonka.Data as Data
import Amazonka.NetworkFirewall.Types.RuleOrder
import Amazonka.NetworkFirewall.Types.StreamExceptionPolicy
import qualified Amazonka.Prelude as Prelude

-- | Configuration settings for the handling of the stateful rule groups in a
-- firewall policy.
--
-- /See:/ 'newStatefulEngineOptions' smart constructor.
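data StatefulEngineOptions = StatefulEngineOptions'
  { -- | Indicates how to manage the order of stateful rule evaluation for the
    -- policy. @DEFAULT_ACTION_ORDER@ is the default behavior. Stateful rules
    -- are provided to the rule engine as Suricata compatible strings, and
    -- Suricata evaluates them based on certain settings. For more information,
    -- see
    -- <https://docs.aws.amazon.com/network-firewall/latest/developerguide/suricata-rule-evaluation-order.html Evaluation order for stateful rules>
    -- in the /Network Firewall Developer Guide/.
    --
    -- Left as 'Prelude.Nothing', the key is omitted when the value is
    -- serialised, so the default named above applies.
    ruleOrder :: Prelude.Maybe RuleOrder,
    -- | Configures how Network Firewall processes traffic when a network
    -- connection breaks midstream. Network connections can break due to
    -- disruptions in external networks or within the firewall itself.
    --
    -- -   @DROP@ - Network Firewall fails closed and drops all subsequent
    --     traffic going to the firewall. This is the default behavior.
    --
    -- -   @CONTINUE@ - Network Firewall continues to apply rules to the
    --     subsequent traffic without context from traffic before the break.
    --     This impacts the behavior of rules that depend on this context. For
    --     example, if you have a stateful rule to @drop http@ traffic, Network
    --     Firewall won\'t match the traffic for this rule because the service
    --     won\'t have the context from session initialization defining the
    --     application layer protocol as HTTP. However, this behavior is rule
    --     dependent—a TCP-layer rule using a @flow:stateless@ rule would still
    --     match, as would the @aws:drop_strict@ default action.
    --
    -- Review note: @CONTINUE@ keeps traffic flowing after a midstream break,
    -- so rules that need session context (the @drop http@ example above) can
    -- stop matching. If that gap matters, rely on rules that do not need the
    -- context or on the @aws:drop_strict@ default action. Left as
    -- 'Prelude.Nothing', the key is omitted when the value is serialised, so
    -- the service-side default described above applies.
    streamExceptionPolicy :: Prelude.Maybe StreamExceptionPolicy
  }
  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)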

-- |
-- Create a value of 'StatefulEngineOptions' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'ruleOrder', 'statefulEngineOptions_ruleOrder' - Indicates how to manage the order of stateful rule evaluation for the
-- policy. @DEFAULT_ACTION_ORDER@ is the default behavior. Stateful rules
-- are provided to the rule engine as Suricata compatible strings, and
-- Suricata evaluates them based on certain settings. For more information,
-- see
-- <https://docs.aws.amazon.com/network-firewall/latest/developerguide/suricata-rule-evaluation-order.html Evaluation order for stateful rules>
-- in the /Network Firewall Developer Guide/.
--
-- 'streamExceptionPolicy', 'statefulEngineOptions_streamExceptionPolicy' - Configures how Network Firewall processes traffic when a network
-- connection breaks midstream. Network connections can break due to
-- disruptions in external networks or within the firewall itself.
--
-- -   @DROP@ - Network Firewall fails closed and drops all subsequent
--     traffic going to the firewall. This is the default behavior.
--
-- -   @CONTINUE@ - Network Firewall continues to apply rules to the
--     subsequent traffic without context from traffic before the break.
--     This impacts the behavior of rules that depend on this context. For
--     example, if you have a stateful rule to @drop http@ traffic, Network
--     Firewall won\'t match the traffic for this rule because the service
--     won\'t have the context from session initialization defining the
--     application layer protocol as HTTP. However, this behavior is rule
--     dependent—a TCP-layer rule using a @flow:stateless@ rule would still
--     match, as would the @aws:drop_strict@ default action.
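newStatefulEngineOptions ::
  StatefulEngineOptions
newStatefulEngineOptions =
  StatefulEngineOptions'
    { -- Both fields start unset. An unset field is left out of the encoded
      -- JSON, so the service defaults named in the field documentation apply
      -- until a caller sets an explicit value.
      ruleOrder = Prelude.Nothing,
      streamExceptionPolicy = Prelude.Nothing
    }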

-- | Indicates how to manage the order of stateful rule evaluation for the
-- policy. @DEFAULT_ACTION_ORDER@ is the default behavior. Stateful rules
-- are provided to the rule engine as Suricata compatible strings, and
-- Suricata evaluates them based on certain settings. For more information,
-- see
-- <https://docs.aws.amazon.com/network-firewall/latest/developerguide/suricata-rule-evaluation-order.html Evaluation order for stateful rules>
-- in the /Network Firewall Developer Guide/.
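statefulEngineOptions_ruleOrder :: Lens.Lens' StatefulEngineOptions (Prelude.Maybe RuleOrder)
-- The getter projects the 'ruleOrder' field; the setter replaces it with a
-- record update and leaves 'streamExceptionPolicy' untouched. The trailing
-- type annotation presumably pins the record type for the update because
-- DuplicateRecordFields is enabled in this module.
statefulEngineOptions_ruleOrder = Lens.lens (\StatefulEngineOptions' {ruleOrder} -> ruleOrder) (\s@StatefulEngineOptions' {} a -> s {ruleOrder = a} :: StatefulEngineOptions)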

-- | Configures how Network Firewall processes traffic when a network
-- connection breaks midstream. Network connections can break due to
-- disruptions in external networks or within the firewall itself.
--
-- -   @DROP@ - Network Firewall fails closed and drops all subsequent
--     traffic going to the firewall. This is the default behavior.
--
-- -   @CONTINUE@ - Network Firewall continues to apply rules to the
--     subsequent traffic without context from traffic before the break.
--     This impacts the behavior of rules that depend on this context. For
--     example, if you have a stateful rule to @drop http@ traffic, Network
--     Firewall won\'t match the traffic for this rule because the service
--     won\'t have the context from session initialization defining the
--     application layer protocol as HTTP. However, this behavior is rule
--     dependent—a TCP-layer rule using a @flow:stateless@ rule would still
--     match, as would the @aws:drop_strict@ default action.
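statefulEngineOptions_streamExceptionPolicy :: Lens.Lens' StatefulEngineOptions (Prelude.Maybe StreamExceptionPolicy)
-- The getter projects the 'streamExceptionPolicy' field; the setter replaces
-- it with a record update and leaves 'ruleOrder' untouched. Setting it to
-- 'Prelude.Nothing' does not select a policy: it only clears the field, so
-- the key is omitted when the value is serialised.
statefulEngineOptions_streamExceptionPolicy = Lens.lens (\StatefulEngineOptions' {streamExceptionPolicy} -> streamExceptionPolicy) (\s@StatefulEngineOptions' {} a -> s {streamExceptionPolicy = a} :: StatefulEngineOptions)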

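-- | Decodes a 'StatefulEngineOptions' from a JSON object.
--
-- Both keys are read with the optional-field operator, so an absent key
-- decodes to 'Prelude.Nothing'; keys other than @RuleOrder@ and
-- @StreamExceptionPolicy@ are not inspected. A decoded 'Prelude.Nothing'
-- therefore means \"not present in the document\", not a specific policy;
-- code that audits a firewall policy should resolve it against the service
-- default rather than treat it as an explicit setting.
instance Data.FromJSON StatefulEngineOptions where
  parseJSON =
    Data.withObject
      "StatefulEngineOptions"
      ( \x ->
          StatefulEngineOptions'
            Prelude.<$> (x Data..:? "RuleOrder")
            Prelude.<*> (x Data..:? "StreamExceptionPolicy")
      )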

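-- | Hashes a 'StatefulEngineOptions' by folding each field into the salt,
-- 'ruleOrder' first and 'streamExceptionPolicy' second.
instance Prelude.Hashable StatefulEngineOptions where
  hashWithSalt _salt StatefulEngineOptions' {..} =
    -- RecordWildCards brings both fields into scope under their own names.
    _salt
      `Prelude.hashWithSalt` ruleOrder
      `Prelude.hashWithSalt` streamExceptionPolicy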

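-- | Fully evaluates a 'StatefulEngineOptions' by reducing both fields to
-- normal form, 'ruleOrder' before 'streamExceptionPolicy'.
instance Prelude.NFData StatefulEngineOptions where
  rnf StatefulEngineOptions' {..} =
    -- RecordWildCards brings both fields into scope under their own names.
    Prelude.rnf ruleOrder
      `Prelude.seq` Prelude.rnf streamExceptionPolicy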

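-- | Encodes a 'StatefulEngineOptions' as a JSON object.
--
-- Only fields holding a value produce a key: each field is mapped to an
-- optional key\/value pair and the empty ones are dropped, so an unset field
-- is absent from the object rather than encoded as @null@. For
-- 'streamExceptionPolicy' this means an unset field defers to the service
-- default; set it explicitly when the fail-closed or continue behaviour must
-- be visible in the request itself.
instance Data.ToJSON StatefulEngineOptions where
  toJSON StatefulEngineOptions' {..} =
    Data.object
      ( Prelude.catMaybes
          [ ("RuleOrder" Data..=) Prelude.<$> ruleOrder,
            ("StreamExceptionPolicy" Data..=)
              Prelude.<$> streamExceptionPolicy
          ]
      )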