{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE TypeFamilies #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-binds #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.EFS.PutFileSystemPolicy
-- Copyright   : (c) 2013-2023 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
--
-- Applies an Amazon EFS @FileSystemPolicy@ to an Amazon EFS file system. A
-- file system policy is an IAM resource-based policy and can contain
-- multiple policy statements. A file system always has exactly one file
-- system policy, which can be the default policy or an explicit policy set
-- or updated using this API operation. EFS file system policies have a
-- 20,000 character limit. When an explicit policy is set, it overrides the
-- default policy. For more information about the default file system
-- policy, see
-- <https://docs.aws.amazon.com/efs/latest/ug/iam-access-control-nfs-efs.html#default-filesystempolicy Default EFS File System Policy>.
--
-- EFS file system policies have a 20,000 character limit.
--
-- This operation requires permissions for the
-- @elasticfilesystem:PutFileSystemPolicy@ action.
module Amazonka.EFS.PutFileSystemPolicy
  ( -- * Creating a Request
    PutFileSystemPolicy (..),
    newPutFileSystemPolicy,

    -- * Request Lenses
    putFileSystemPolicy_bypassPolicyLockoutSafetyCheck,
    putFileSystemPolicy_fileSystemId,
    putFileSystemPolicy_policy,

    -- * Destructuring the Response
    FileSystemPolicyDescription (..),
    newFileSystemPolicyDescription,

    -- * Response Lenses
    fileSystemPolicyDescription_fileSystemId,
    fileSystemPolicyDescription_policy,
  )
where

import qualified Amazonka.Core as Core
import qualified Amazonka.Core.Lens.Internal as Lens
import qualified Amazonka.Data as Data
import Amazonka.EFS.Types
import qualified Amazonka.Prelude as Prelude
import qualified Amazonka.Request as Request
import qualified Amazonka.Response as Response

-- | /See:/ 'newPutFileSystemPolicy' smart constructor.
data PutFileSystemPolicy = PutFileSystemPolicy'
  { -- | (Optional) A boolean that specifies whether or not to bypass the
    -- @FileSystemPolicy@ lockout safety check. The lockout safety check
    -- determines whether the policy in the request will lock out, or prevent,
    -- the IAM principal that is making the request from making future
    -- @PutFileSystemPolicy@ requests on this file system. Set
    -- @BypassPolicyLockoutSafetyCheck@ to @True@ only when you intend to
    -- prevent the IAM principal that is making the request from making
    -- subsequent @PutFileSystemPolicy@ requests on this file system. The
    -- default value is @False@.
    PutFileSystemPolicy -> Maybe Bool
bypassPolicyLockoutSafetyCheck :: Prelude.Maybe Prelude.Bool,
    -- | The ID of the EFS file system that you want to create or update the
    -- @FileSystemPolicy@ for.
    PutFileSystemPolicy -> Text
fileSystemId :: Prelude.Text,
    -- | The @FileSystemPolicy@ that you\'re creating. Accepts a JSON formatted
    -- policy definition. EFS file system policies have a 20,000 character
    -- limit. To find out more about the elements that make up a file system
    -- policy, see
    -- <https://docs.aws.amazon.com/efs/latest/ug/access-control-overview.html#access-control-manage-access-intro-resource-policies EFS Resource-based Policies>.
    PutFileSystemPolicy -> Text
policy :: Prelude.Text
  }
  deriving (PutFileSystemPolicy -> PutFileSystemPolicy -> Bool
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: PutFileSystemPolicy -> PutFileSystemPolicy -> Bool
$c/= :: PutFileSystemPolicy -> PutFileSystemPolicy -> Bool
== :: PutFileSystemPolicy -> PutFileSystemPolicy -> Bool
$c== :: PutFileSystemPolicy -> PutFileSystemPolicy -> Bool
Prelude.Eq, ReadPrec [PutFileSystemPolicy]
ReadPrec PutFileSystemPolicy
Int -> ReadS PutFileSystemPolicy
ReadS [PutFileSystemPolicy]
forall a.
(Int -> ReadS a)
-> ReadS [a] -> ReadPrec a -> ReadPrec [a] -> Read a
readListPrec :: ReadPrec [PutFileSystemPolicy]
$creadListPrec :: ReadPrec [PutFileSystemPolicy]
readPrec :: ReadPrec PutFileSystemPolicy
$creadPrec :: ReadPrec PutFileSystemPolicy
readList :: ReadS [PutFileSystemPolicy]
$creadList :: ReadS [PutFileSystemPolicy]
readsPrec :: Int -> ReadS PutFileSystemPolicy
$creadsPrec :: Int -> ReadS PutFileSystemPolicy
Prelude.Read, Int -> PutFileSystemPolicy -> ShowS
[PutFileSystemPolicy] -> ShowS
PutFileSystemPolicy -> String
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [PutFileSystemPolicy] -> ShowS
$cshowList :: [PutFileSystemPolicy] -> ShowS
show :: PutFileSystemPolicy -> String
$cshow :: PutFileSystemPolicy -> String
showsPrec :: Int -> PutFileSystemPolicy -> ShowS
$cshowsPrec :: Int -> PutFileSystemPolicy -> ShowS
Prelude.Show, forall x. Rep PutFileSystemPolicy x -> PutFileSystemPolicy
forall x. PutFileSystemPolicy -> Rep PutFileSystemPolicy x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x. Rep PutFileSystemPolicy x -> PutFileSystemPolicy
$cfrom :: forall x. PutFileSystemPolicy -> Rep PutFileSystemPolicy x
Prelude.Generic)

-- |
-- Create a value of 'PutFileSystemPolicy' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'bypassPolicyLockoutSafetyCheck', 'putFileSystemPolicy_bypassPolicyLockoutSafetyCheck' - (Optional) A boolean that specifies whether or not to bypass the
-- @FileSystemPolicy@ lockout safety check. The lockout safety check
-- determines whether the policy in the request will lock out, or prevent,
-- the IAM principal that is making the request from making future
-- @PutFileSystemPolicy@ requests on this file system. Set
-- @BypassPolicyLockoutSafetyCheck@ to @True@ only when you intend to
-- prevent the IAM principal that is making the request from making
-- subsequent @PutFileSystemPolicy@ requests on this file system. The
-- default value is @False@.
--
-- 'fileSystemId', 'putFileSystemPolicy_fileSystemId' - The ID of the EFS file system that you want to create or update the
-- @FileSystemPolicy@ for.
--
-- 'policy', 'putFileSystemPolicy_policy' - The @FileSystemPolicy@ that you\'re creating. Accepts a JSON formatted
-- policy definition. EFS file system policies have a 20,000 character
-- limit. To find out more about the elements that make up a file system
-- policy, see
-- <https://docs.aws.amazon.com/efs/latest/ug/access-control-overview.html#access-control-manage-access-intro-resource-policies EFS Resource-based Policies>.
newPutFileSystemPolicy ::
  -- | 'fileSystemId'
  Prelude.Text ->
  -- | 'policy'
  Prelude.Text ->
  PutFileSystemPolicy
newPutFileSystemPolicy :: Text -> Text -> PutFileSystemPolicy
newPutFileSystemPolicy Text
pFileSystemId_ Text
pPolicy_ =
  PutFileSystemPolicy'
    { $sel:bypassPolicyLockoutSafetyCheck:PutFileSystemPolicy' :: Maybe Bool
bypassPolicyLockoutSafetyCheck =
        forall a. Maybe a
Prelude.Nothing,
      $sel:fileSystemId:PutFileSystemPolicy' :: Text
fileSystemId = Text
pFileSystemId_,
      $sel:policy:PutFileSystemPolicy' :: Text
policy = Text
pPolicy_
    }

-- | (Optional) A boolean that specifies whether or not to bypass the
-- @FileSystemPolicy@ lockout safety check. The lockout safety check
-- determines whether the policy in the request will lock out, or prevent,
-- the IAM principal that is making the request from making future
-- @PutFileSystemPolicy@ requests on this file system. Set
-- @BypassPolicyLockoutSafetyCheck@ to @True@ only when you intend to
-- prevent the IAM principal that is making the request from making
-- subsequent @PutFileSystemPolicy@ requests on this file system. The
-- default value is @False@.
putFileSystemPolicy_bypassPolicyLockoutSafetyCheck :: Lens.Lens' PutFileSystemPolicy (Prelude.Maybe Prelude.Bool)
putFileSystemPolicy_bypassPolicyLockoutSafetyCheck :: Lens' PutFileSystemPolicy (Maybe Bool)
putFileSystemPolicy_bypassPolicyLockoutSafetyCheck = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\PutFileSystemPolicy' {Maybe Bool
bypassPolicyLockoutSafetyCheck :: Maybe Bool
$sel:bypassPolicyLockoutSafetyCheck:PutFileSystemPolicy' :: PutFileSystemPolicy -> Maybe Bool
bypassPolicyLockoutSafetyCheck} -> Maybe Bool
bypassPolicyLockoutSafetyCheck) (\s :: PutFileSystemPolicy
s@PutFileSystemPolicy' {} Maybe Bool
a -> PutFileSystemPolicy
s {$sel:bypassPolicyLockoutSafetyCheck:PutFileSystemPolicy' :: Maybe Bool
bypassPolicyLockoutSafetyCheck = Maybe Bool
a} :: PutFileSystemPolicy)

-- | The ID of the EFS file system that you want to create or update the
-- @FileSystemPolicy@ for.
putFileSystemPolicy_fileSystemId :: Lens.Lens' PutFileSystemPolicy Prelude.Text
putFileSystemPolicy_fileSystemId :: Lens' PutFileSystemPolicy Text
putFileSystemPolicy_fileSystemId = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\PutFileSystemPolicy' {Text
fileSystemId :: Text
$sel:fileSystemId:PutFileSystemPolicy' :: PutFileSystemPolicy -> Text
fileSystemId} -> Text
fileSystemId) (\s :: PutFileSystemPolicy
s@PutFileSystemPolicy' {} Text
a -> PutFileSystemPolicy
s {$sel:fileSystemId:PutFileSystemPolicy' :: Text
fileSystemId = Text
a} :: PutFileSystemPolicy)

-- | The @FileSystemPolicy@ that you\'re creating. Accepts a JSON formatted
-- policy definition. EFS file system policies have a 20,000 character
-- limit. To find out more about the elements that make up a file system
-- policy, see
-- <https://docs.aws.amazon.com/efs/latest/ug/access-control-overview.html#access-control-manage-access-intro-resource-policies EFS Resource-based Policies>.
putFileSystemPolicy_policy :: Lens.Lens' PutFileSystemPolicy Prelude.Text
putFileSystemPolicy_policy :: Lens' PutFileSystemPolicy Text
putFileSystemPolicy_policy = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\PutFileSystemPolicy' {Text
policy :: Text
$sel:policy:PutFileSystemPolicy' :: PutFileSystemPolicy -> Text
policy} -> Text
policy) (\s :: PutFileSystemPolicy
s@PutFileSystemPolicy' {} Text
a -> PutFileSystemPolicy
s {$sel:policy:PutFileSystemPolicy' :: Text
policy = Text
a} :: PutFileSystemPolicy)

instance Core.AWSRequest PutFileSystemPolicy where
  type
    AWSResponse PutFileSystemPolicy =
      FileSystemPolicyDescription
  request :: (Service -> Service)
-> PutFileSystemPolicy -> Request PutFileSystemPolicy
request Service -> Service
overrides =
    forall a. (ToRequest a, ToJSON a) => Service -> a -> Request a
Request.putJSON (Service -> Service
overrides Service
defaultService)
  response :: forall (m :: * -> *).
MonadResource m =>
(ByteStringLazy -> IO ByteStringLazy)
-> Service
-> Proxy PutFileSystemPolicy
-> ClientResponse ClientBody
-> m (Either
        Error (ClientResponse (AWSResponse PutFileSystemPolicy)))
response =
    forall (m :: * -> *) a.
MonadResource m =>
(Int -> ResponseHeaders -> Object -> Either String (AWSResponse a))
-> (ByteStringLazy -> IO ByteStringLazy)
-> Service
-> Proxy a
-> ClientResponse ClientBody
-> m (Either Error (ClientResponse (AWSResponse a)))
Response.receiveJSON
      (\Int
s ResponseHeaders
h Object
x -> forall a. FromJSON a => Object -> Either String a
Data.eitherParseJSON Object
x)

instance Prelude.Hashable PutFileSystemPolicy where
  hashWithSalt :: Int -> PutFileSystemPolicy -> Int
hashWithSalt Int
_salt PutFileSystemPolicy' {Maybe Bool
Text
policy :: Text
fileSystemId :: Text
bypassPolicyLockoutSafetyCheck :: Maybe Bool
$sel:policy:PutFileSystemPolicy' :: PutFileSystemPolicy -> Text
$sel:fileSystemId:PutFileSystemPolicy' :: PutFileSystemPolicy -> Text
$sel:bypassPolicyLockoutSafetyCheck:PutFileSystemPolicy' :: PutFileSystemPolicy -> Maybe Bool
..} =
    Int
_salt
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Maybe Bool
bypassPolicyLockoutSafetyCheck
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Text
fileSystemId
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Text
policy

instance Prelude.NFData PutFileSystemPolicy where
  rnf :: PutFileSystemPolicy -> ()
rnf PutFileSystemPolicy' {Maybe Bool
Text
policy :: Text
fileSystemId :: Text
bypassPolicyLockoutSafetyCheck :: Maybe Bool
$sel:policy:PutFileSystemPolicy' :: PutFileSystemPolicy -> Text
$sel:fileSystemId:PutFileSystemPolicy' :: PutFileSystemPolicy -> Text
$sel:bypassPolicyLockoutSafetyCheck:PutFileSystemPolicy' :: PutFileSystemPolicy -> Maybe Bool
..} =
    forall a. NFData a => a -> ()
Prelude.rnf Maybe Bool
bypassPolicyLockoutSafetyCheck
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf Text
fileSystemId
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf Text
policy

instance Data.ToHeaders PutFileSystemPolicy where
  toHeaders :: PutFileSystemPolicy -> ResponseHeaders
toHeaders = forall a b. a -> b -> a
Prelude.const forall a. Monoid a => a
Prelude.mempty

instance Data.ToJSON PutFileSystemPolicy where
  toJSON :: PutFileSystemPolicy -> Value
toJSON PutFileSystemPolicy' {Maybe Bool
Text
policy :: Text
fileSystemId :: Text
bypassPolicyLockoutSafetyCheck :: Maybe Bool
$sel:policy:PutFileSystemPolicy' :: PutFileSystemPolicy -> Text
$sel:fileSystemId:PutFileSystemPolicy' :: PutFileSystemPolicy -> Text
$sel:bypassPolicyLockoutSafetyCheck:PutFileSystemPolicy' :: PutFileSystemPolicy -> Maybe Bool
..} =
    [Pair] -> Value
Data.object
      ( forall a. [Maybe a] -> [a]
Prelude.catMaybes
          [ (Key
"BypassPolicyLockoutSafetyCheck" forall kv v. (KeyValue kv, ToJSON v) => Key -> v -> kv
Data..=)
              forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe Bool
bypassPolicyLockoutSafetyCheck,
            forall a. a -> Maybe a
Prelude.Just (Key
"Policy" forall kv v. (KeyValue kv, ToJSON v) => Key -> v -> kv
Data..= Text
policy)
          ]
      )

instance Data.ToPath PutFileSystemPolicy where
  toPath :: PutFileSystemPolicy -> ByteString
toPath PutFileSystemPolicy' {Maybe Bool
Text
policy :: Text
fileSystemId :: Text
bypassPolicyLockoutSafetyCheck :: Maybe Bool
$sel:policy:PutFileSystemPolicy' :: PutFileSystemPolicy -> Text
$sel:fileSystemId:PutFileSystemPolicy' :: PutFileSystemPolicy -> Text
$sel:bypassPolicyLockoutSafetyCheck:PutFileSystemPolicy' :: PutFileSystemPolicy -> Maybe Bool
..} =
    forall a. Monoid a => [a] -> a
Prelude.mconcat
      [ ByteString
"/2015-02-01/file-systems/",
        forall a. ToByteString a => a -> ByteString
Data.toBS Text
fileSystemId,
        ByteString
"/policy"
      ]

instance Data.ToQuery PutFileSystemPolicy where
  toQuery :: PutFileSystemPolicy -> QueryString
toQuery = forall a b. a -> b -> a
Prelude.const forall a. Monoid a => a
Prelude.mempty