module AWS.EC2.Acl
( describeNetworkAcls
, createNetworkAcl
, deleteNetworkAcl
, replaceNetworkAclAssociation
, createNetworkAclEntry
, deleteNetworkAclEntry
, replaceNetworkAclEntry
) where
import Data.Text (Text)
import Data.XML.Types (Event)
import Data.Conduit
import Control.Applicative
import AWS.EC2.Internal
import AWS.EC2.Types
import AWS.EC2.Query
import AWS.Lib.Parser
import AWS.Util
describeNetworkAcls
:: (MonadResource m, MonadBaseControl IO m)
=> [Text]
-> [Filter]
-> EC2 m (ResumableSource m NetworkAcl)
describeNetworkAcls nids filters = do
ec2QuerySource "DescribeNetworkAcls" params $
itemConduit "networkAclSet" networkAclSink
where
params =
[ "NetworkAclId" |.#= nids
, filtersParam filters
]
networkAclSink :: MonadThrow m
=> GLSink Event m NetworkAcl
networkAclSink = NetworkAcl
<$> getT "networkAclId"
<*> getT "vpcId"
<*> getT "default"
<*> itemsSet "entrySet" (NetworkAclEntry
<$> getT "ruleNumber"
<*> getT "protocol"
<*> getT "ruleAction"
<*> getT "egress"
<*> getT "cidrBlock"
<*> elementM "icmpTypeCode" (IcmpTypeCode
<$> getT "code"
<*> getT "type"
)
<*> elementM "portRange" (PortRange
<$> getT "from"
<*> getT "to"))
<*> itemsSet "associationSet" (NetworkAclAssociation
<$> getT "networkAclAssociationId"
<*> getT "networkAclId"
<*> getT "subnetId"
)
<*> resourceTagSink
createNetworkAcl
:: (MonadResource m, MonadBaseControl IO m)
=> Text
-> EC2 m NetworkAcl
createNetworkAcl vpcid =
ec2Query "CreateNetworkAcl" params $
element "networkAcl" networkAclSink
where
params = ["VpcId" |= vpcid]
deleteNetworkAcl
:: (MonadResource m, MonadBaseControl IO m)
=> Text
-> EC2 m Bool
deleteNetworkAcl = ec2Delete "DeleteNetworkAcl" "NetworkAclId"
replaceNetworkAclAssociation
:: (MonadResource m, MonadBaseControl IO m)
=> Text
-> Text
-> EC2 m Text
replaceNetworkAclAssociation assoc aclid =
ec2Query "ReplaceNetworkAclAssociation" params $
getT "newAssociationId"
where
params =
[ "AssociationId" |= assoc
, "NetworkAclId" |= aclid
]
createNetworkAclEntry
:: (MonadResource m, MonadBaseControl IO m)
=> NetworkAclEntryRequest
-> EC2 m Bool
createNetworkAclEntry req =
ec2Query "CreateNetworkAclEntry" params $ getT "return"
where
params = reqToParams req
reqToParams :: NetworkAclEntryRequest -> [QueryParam]
reqToParams req =
[ "NetworkAclId" |=
networkAclEntryRequestNetworkAclId req
, "RuleNumber" |=
toText (networkAclEntryRequestRuleNumber req)
, "Protocol" |=
toText (networkAclEntryRequestProtocol req)
, "RuleAction" |=
ruleToText (networkAclEntryRequestRuleAction req)
, "CidrBlock" |=
networkAclEntryRequestCidrBlock req
, "Egress" |=
boolToText (networkAclEntryRequestEgress req)
, "Icmp" |.? icmpParams <$> networkAclEntryRequestIcmp req
, "PortRange" |.?
portRangeParams <$> networkAclEntryRequestPortRange req
]
where
ruleToText NetworkAclRuleActionAllow = "allow"
ruleToText NetworkAclRuleActionDeny = "deny"
icmpParams icmp =
[ "Code" |= toText (icmpTypeCodeCode icmp)
, "Type" |= toText (icmpTypeCodeType icmp)
]
portRangeParams pr =
[ "From" |= toText (portRangeFrom pr)
, "To" |= toText (portRangeTo pr)
]
deleteNetworkAclEntry
:: (MonadResource m, MonadBaseControl IO m)
=> Text
-> Int
-> Bool
-> EC2 m Bool
deleteNetworkAclEntry aclid rule egress =
ec2Query "DeleteNetworkAclEntry" params $ getT "return"
where
params =
[ "NetworkAclId" |= aclid
, "RuleNumber" |= toText rule
, "Egress" |= boolToText egress
]
replaceNetworkAclEntry
:: (MonadResource m, MonadBaseControl IO m)
=> NetworkAclEntryRequest
-> EC2 m Bool
replaceNetworkAclEntry req =
ec2Query "ReplaceNetworkAclEntry" params $ getT "return"
where
params = reqToParams req