software.amazon.awssdk.services.fms.model.Policy Maven / Gradle / Ivy
Show all versions of fms Show documentation
/*
* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with
* the License. A copy of the License is located at
*
* http://aws.amazon.com/apache2.0
*
* or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
* CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
* and limitations under the License.
*/
package software.amazon.awssdk.services.fms.model;
import java.io.Serializable;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.function.BiConsumer;
import java.util.function.Consumer;
import java.util.function.Function;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import software.amazon.awssdk.annotations.Generated;
import software.amazon.awssdk.core.SdkField;
import software.amazon.awssdk.core.SdkPojo;
import software.amazon.awssdk.core.protocol.MarshallLocation;
import software.amazon.awssdk.core.protocol.MarshallingType;
import software.amazon.awssdk.core.traits.ListTrait;
import software.amazon.awssdk.core.traits.LocationTrait;
import software.amazon.awssdk.core.traits.MapTrait;
import software.amazon.awssdk.core.util.DefaultSdkAutoConstructList;
import software.amazon.awssdk.core.util.DefaultSdkAutoConstructMap;
import software.amazon.awssdk.core.util.SdkAutoConstructList;
import software.amazon.awssdk.core.util.SdkAutoConstructMap;
import software.amazon.awssdk.utils.ToString;
import software.amazon.awssdk.utils.builder.CopyableBuilder;
import software.amazon.awssdk.utils.builder.ToCopyableBuilder;
/**
*
* An Firewall Manager policy.
*
*/
@Generated("software.amazon.awssdk:codegen")
public final class Policy implements SdkPojo, Serializable, ToCopyableBuilder {
private static final SdkField POLICY_ID_FIELD = SdkField. builder(MarshallingType.STRING)
.memberName("PolicyId").getter(getter(Policy::policyId)).setter(setter(Builder::policyId))
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("PolicyId").build()).build();
private static final SdkField POLICY_NAME_FIELD = SdkField. builder(MarshallingType.STRING)
.memberName("PolicyName").getter(getter(Policy::policyName)).setter(setter(Builder::policyName))
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("PolicyName").build()).build();
private static final SdkField POLICY_UPDATE_TOKEN_FIELD = SdkField. builder(MarshallingType.STRING)
.memberName("PolicyUpdateToken").getter(getter(Policy::policyUpdateToken)).setter(setter(Builder::policyUpdateToken))
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("PolicyUpdateToken").build()).build();
private static final SdkField SECURITY_SERVICE_POLICY_DATA_FIELD = SdkField
. builder(MarshallingType.SDK_POJO).memberName("SecurityServicePolicyData")
.getter(getter(Policy::securityServicePolicyData)).setter(setter(Builder::securityServicePolicyData))
.constructor(SecurityServicePolicyData::builder)
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("SecurityServicePolicyData").build())
.build();
private static final SdkField RESOURCE_TYPE_FIELD = SdkField. builder(MarshallingType.STRING)
.memberName("ResourceType").getter(getter(Policy::resourceType)).setter(setter(Builder::resourceType))
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("ResourceType").build()).build();
private static final SdkField> RESOURCE_TYPE_LIST_FIELD = SdkField
.> builder(MarshallingType.LIST)
.memberName("ResourceTypeList")
.getter(getter(Policy::resourceTypeList))
.setter(setter(Builder::resourceTypeList))
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("ResourceTypeList").build(),
ListTrait
.builder()
.memberLocationName(null)
.memberFieldInfo(
SdkField. builder(MarshallingType.STRING)
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD)
.locationName("member").build()).build()).build()).build();
private static final SdkField> RESOURCE_TAGS_FIELD = SdkField
.> builder(MarshallingType.LIST)
.memberName("ResourceTags")
.getter(getter(Policy::resourceTags))
.setter(setter(Builder::resourceTags))
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("ResourceTags").build(),
ListTrait
.builder()
.memberLocationName(null)
.memberFieldInfo(
SdkField. builder(MarshallingType.SDK_POJO)
.constructor(ResourceTag::builder)
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD)
.locationName("member").build()).build()).build()).build();
private static final SdkField EXCLUDE_RESOURCE_TAGS_FIELD = SdkField. builder(MarshallingType.BOOLEAN)
.memberName("ExcludeResourceTags").getter(getter(Policy::excludeResourceTags))
.setter(setter(Builder::excludeResourceTags))
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("ExcludeResourceTags").build())
.build();
private static final SdkField REMEDIATION_ENABLED_FIELD = SdkField. builder(MarshallingType.BOOLEAN)
.memberName("RemediationEnabled").getter(getter(Policy::remediationEnabled))
.setter(setter(Builder::remediationEnabled))
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("RemediationEnabled").build())
.build();
private static final SdkField DELETE_UNUSED_FM_MANAGED_RESOURCES_FIELD = SdkField
. builder(MarshallingType.BOOLEAN)
.memberName("DeleteUnusedFMManagedResources")
.getter(getter(Policy::deleteUnusedFMManagedResources))
.setter(setter(Builder::deleteUnusedFMManagedResources))
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("DeleteUnusedFMManagedResources")
.build()).build();
private static final SdkField>> INCLUDE_MAP_FIELD = SdkField
.>> builder(MarshallingType.MAP)
.memberName("IncludeMap")
.getter(getter(Policy::includeMapAsStrings))
.setter(setter(Builder::includeMapWithStrings))
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("IncludeMap").build(),
MapTrait.builder()
.keyLocationName("key")
.valueLocationName("value")
.valueFieldInfo(
SdkField.> builder(MarshallingType.LIST)
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD)
.locationName("value").build(),
ListTrait
.builder()
.memberLocationName(null)
.memberFieldInfo(
SdkField. builder(MarshallingType.STRING)
.traits(LocationTrait.builder()
.location(MarshallLocation.PAYLOAD)
.locationName("member").build()).build())
.build()).build()).build()).build();
private static final SdkField>> EXCLUDE_MAP_FIELD = SdkField
.>> builder(MarshallingType.MAP)
.memberName("ExcludeMap")
.getter(getter(Policy::excludeMapAsStrings))
.setter(setter(Builder::excludeMapWithStrings))
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("ExcludeMap").build(),
MapTrait.builder()
.keyLocationName("key")
.valueLocationName("value")
.valueFieldInfo(
SdkField.> builder(MarshallingType.LIST)
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD)
.locationName("value").build(),
ListTrait
.builder()
.memberLocationName(null)
.memberFieldInfo(
SdkField. builder(MarshallingType.STRING)
.traits(LocationTrait.builder()
.location(MarshallLocation.PAYLOAD)
.locationName("member").build()).build())
.build()).build()).build()).build();
private static final SdkField> RESOURCE_SET_IDS_FIELD = SdkField
.> builder(MarshallingType.LIST)
.memberName("ResourceSetIds")
.getter(getter(Policy::resourceSetIds))
.setter(setter(Builder::resourceSetIds))
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("ResourceSetIds").build(),
ListTrait
.builder()
.memberLocationName(null)
.memberFieldInfo(
SdkField. builder(MarshallingType.STRING)
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD)
.locationName("member").build()).build()).build()).build();
private static final SdkField POLICY_DESCRIPTION_FIELD = SdkField. builder(MarshallingType.STRING)
.memberName("PolicyDescription").getter(getter(Policy::policyDescription)).setter(setter(Builder::policyDescription))
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("PolicyDescription").build()).build();
private static final SdkField POLICY_STATUS_FIELD = SdkField. builder(MarshallingType.STRING)
.memberName("PolicyStatus").getter(getter(Policy::policyStatusAsString)).setter(setter(Builder::policyStatus))
.traits(LocationTrait.builder().location(MarshallLocation.PAYLOAD).locationName("PolicyStatus").build()).build();
private static final List> SDK_FIELDS = Collections.unmodifiableList(Arrays.asList(POLICY_ID_FIELD,
POLICY_NAME_FIELD, POLICY_UPDATE_TOKEN_FIELD, SECURITY_SERVICE_POLICY_DATA_FIELD, RESOURCE_TYPE_FIELD,
RESOURCE_TYPE_LIST_FIELD, RESOURCE_TAGS_FIELD, EXCLUDE_RESOURCE_TAGS_FIELD, REMEDIATION_ENABLED_FIELD,
DELETE_UNUSED_FM_MANAGED_RESOURCES_FIELD, INCLUDE_MAP_FIELD, EXCLUDE_MAP_FIELD, RESOURCE_SET_IDS_FIELD,
POLICY_DESCRIPTION_FIELD, POLICY_STATUS_FIELD));
private static final long serialVersionUID = 1L;
private final String policyId;
private final String policyName;
private final String policyUpdateToken;
private final SecurityServicePolicyData securityServicePolicyData;
private final String resourceType;
private final List resourceTypeList;
private final List resourceTags;
private final Boolean excludeResourceTags;
private final Boolean remediationEnabled;
private final Boolean deleteUnusedFMManagedResources;
private final Map> includeMap;
private final Map> excludeMap;
private final List resourceSetIds;
private final String policyDescription;
private final String policyStatus;
private Policy(BuilderImpl builder) {
this.policyId = builder.policyId;
this.policyName = builder.policyName;
this.policyUpdateToken = builder.policyUpdateToken;
this.securityServicePolicyData = builder.securityServicePolicyData;
this.resourceType = builder.resourceType;
this.resourceTypeList = builder.resourceTypeList;
this.resourceTags = builder.resourceTags;
this.excludeResourceTags = builder.excludeResourceTags;
this.remediationEnabled = builder.remediationEnabled;
this.deleteUnusedFMManagedResources = builder.deleteUnusedFMManagedResources;
this.includeMap = builder.includeMap;
this.excludeMap = builder.excludeMap;
this.resourceSetIds = builder.resourceSetIds;
this.policyDescription = builder.policyDescription;
this.policyStatus = builder.policyStatus;
}
/**
*
* The ID of the Firewall Manager policy.
*
*
* @return The ID of the Firewall Manager policy.
*/
public final String policyId() {
return policyId;
}
/**
*
* The name of the Firewall Manager policy.
*
*
* @return The name of the Firewall Manager policy.
*/
public final String policyName() {
return policyName;
}
/**
*
* A unique identifier for each update to the policy. When issuing a PutPolicy request, the
* PolicyUpdateToken in the request must match the PolicyUpdateToken of the current policy
* version. To get the PolicyUpdateToken of the current policy version, use a GetPolicy
* request.
*
*
* @return A unique identifier for each update to the policy. When issuing a PutPolicy request, the
* PolicyUpdateToken in the request must match the PolicyUpdateToken of the
* current policy version. To get the PolicyUpdateToken of the current policy version, use a
* GetPolicy request.
*/
public final String policyUpdateToken() {
return policyUpdateToken;
}
/**
*
* Details about the security service that is being used to protect the resources.
*
*
* @return Details about the security service that is being used to protect the resources.
*/
public final SecurityServicePolicyData securityServicePolicyData() {
return securityServicePolicyData;
}
/**
*
* The type of resource protected by or in scope of the policy. This is in the format shown in the Amazon
* Web Services Resource Types Reference. To apply this policy to multiple resource types, specify a resource
* type of ResourceTypeList and then specify the resource types in a ResourceTypeList.
*
*
* For WAF and Shield Advanced, resource types include AWS::ElasticLoadBalancingV2::LoadBalancer,
* AWS::ElasticLoadBalancing::LoadBalancer, AWS::EC2::EIP, and
* AWS::CloudFront::Distribution. For a security group common policy, valid values are
* AWS::EC2::NetworkInterface and AWS::EC2::Instance. For a security group content audit
* policy, valid values are AWS::EC2::SecurityGroup, AWS::EC2::NetworkInterface, and
* AWS::EC2::Instance. For a security group usage audit policy, the value is
* AWS::EC2::SecurityGroup. For an Network Firewall policy or DNS Firewall policy, the value is
* AWS::EC2::VPC.
*
*
* @return The type of resource protected by or in scope of the policy. This is in the format shown in the Amazon Web Services Resource Types Reference. To apply this policy to multiple resource types,
* specify a resource type of ResourceTypeList and then specify the resource types in a
* ResourceTypeList.
*
* For WAF and Shield Advanced, resource types include
* AWS::ElasticLoadBalancingV2::LoadBalancer,
* AWS::ElasticLoadBalancing::LoadBalancer, AWS::EC2::EIP, and
* AWS::CloudFront::Distribution. For a security group common policy, valid values are
* AWS::EC2::NetworkInterface and AWS::EC2::Instance. For a security group content
* audit policy, valid values are AWS::EC2::SecurityGroup,
* AWS::EC2::NetworkInterface, and AWS::EC2::Instance. For a security group usage
* audit policy, the value is AWS::EC2::SecurityGroup. For an Network Firewall policy or DNS
* Firewall policy, the value is AWS::EC2::VPC.
*/
public final String resourceType() {
return resourceType;
}
/**
* For responses, this returns true if the service returned a value for the ResourceTypeList property. This DOES NOT
* check that the value is non-empty (for which, you should check the {@code isEmpty()} method on the property).
* This is useful because the SDK will never return a null collection or map, but you may need to differentiate
* between the service returning nothing (or null) and the service returning an empty collection or map. For
* requests, this returns true if a value for the property was specified in the request builder, and false if a
* value was not specified.
*/
public final boolean hasResourceTypeList() {
return resourceTypeList != null && !(resourceTypeList instanceof SdkAutoConstructList);
}
/**
*
* An array of ResourceType objects. Use this only to specify multiple resource types. To specify a
* single resource type, use ResourceType.
*
*
* Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.
*
*
* This method will never return null. If you would like to know whether the service returned this field (so that
* you can differentiate between null and empty), you can use the {@link #hasResourceTypeList} method.
*
*
* @return An array of ResourceType objects. Use this only to specify multiple resource types. To
* specify a single resource type, use ResourceType.
*/
public final List resourceTypeList() {
return resourceTypeList;
}
/**
* For responses, this returns true if the service returned a value for the ResourceTags property. This DOES NOT
* check that the value is non-empty (for which, you should check the {@code isEmpty()} method on the property).
* This is useful because the SDK will never return a null collection or map, but you may need to differentiate
* between the service returning nothing (or null) and the service returning an empty collection or map. For
* requests, this returns true if a value for the property was specified in the request builder, and false if a
* value was not specified.
*/
public final boolean hasResourceTags() {
return resourceTags != null && !(resourceTags instanceof SdkAutoConstructList);
}
/**
*
* An array of ResourceTag objects.
*
*
* Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.
*
*
* This method will never return null. If you would like to know whether the service returned this field (so that
* you can differentiate between null and empty), you can use the {@link #hasResourceTags} method.
*
*
* @return An array of ResourceTag objects.
*/
public final List resourceTags() {
return resourceTags;
}
/**
*
* If set to True, resources with the tags that are specified in the ResourceTag array are
* not in scope of the policy. If set to False, and the ResourceTag array is not null,
* only resources with the specified tags are in scope of the policy.
*
*
* @return If set to True, resources with the tags that are specified in the ResourceTag
* array are not in scope of the policy. If set to False, and the ResourceTag
* array is not null, only resources with the specified tags are in scope of the policy.
*/
public final Boolean excludeResourceTags() {
return excludeResourceTags;
}
/**
*
* Indicates if the policy should be automatically applied to new resources.
*
*
* @return Indicates if the policy should be automatically applied to new resources.
*/
public final Boolean remediationEnabled() {
return remediationEnabled;
}
/**
*
* Indicates whether Firewall Manager should automatically remove protections from resources that leave the policy
* scope and clean up resources that Firewall Manager is managing for accounts when those accounts leave policy
* scope. For example, Firewall Manager will disassociate a Firewall Manager managed web ACL from a protected
* customer resource when the customer resource leaves policy scope.
*
*
* By default, Firewall Manager doesn't remove protections or delete Firewall Manager managed resources.
*
*
* This option is not available for Shield Advanced or WAF Classic policies.
*
*
* @return Indicates whether Firewall Manager should automatically remove protections from resources that leave the
* policy scope and clean up resources that Firewall Manager is managing for accounts when those accounts
* leave policy scope. For example, Firewall Manager will disassociate a Firewall Manager managed web ACL
* from a protected customer resource when the customer resource leaves policy scope.
*
* By default, Firewall Manager doesn't remove protections or delete Firewall Manager managed resources.
*
*
* This option is not available for Shield Advanced or WAF Classic policies.
*/
public final Boolean deleteUnusedFMManagedResources() {
return deleteUnusedFMManagedResources;
}
/**
*
* Specifies the Amazon Web Services account IDs and Organizations organizational units (OUs) to include in the
* policy. Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its child OUs,
* including any child OUs and accounts that are added at a later time.
*
*
* You can specify inclusions or exclusions, but not both. If you specify an IncludeMap, Firewall
* Manager applies the policy to all accounts specified by the IncludeMap, and does not evaluate any
* ExcludeMap specifications. If you do not specify an IncludeMap, then Firewall Manager
* applies the policy to all accounts except for those specified by the ExcludeMap.
*
*
* You can specify account IDs, OUs, or a combination:
*
*
* -
*
* Specify account IDs by setting the key to ACCOUNT. For example, the following is a valid map:
* {“ACCOUNT” : [“accountID1”, “accountID2”]}.
*
*
* -
*
* Specify OUs by setting the key to ORG_UNIT. For example, the following is a valid map:
* {“ORG_UNIT” : [“ouid111”, “ouid112”]}.
*
*
* -
*
* Specify accounts and OUs together in a single map, separated with a comma. For example, the following is a valid
* map: {“ACCOUNT” : [“accountID1”, “accountID2”], “ORG_UNIT” : [“ouid111”, “ouid112”]}.
*
*
*
*
* Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.
*
*
* This method will never return null. If you would like to know whether the service returned this field (so that
* you can differentiate between null and empty), you can use the {@link #hasIncludeMap} method.
*
*
* @return Specifies the Amazon Web Services account IDs and Organizations organizational units (OUs) to include in
* the policy. Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its
* child OUs, including any child OUs and accounts that are added at a later time.
*
* You can specify inclusions or exclusions, but not both. If you specify an IncludeMap,
* Firewall Manager applies the policy to all accounts specified by the IncludeMap, and does
* not evaluate any ExcludeMap specifications. If you do not specify an IncludeMap
* , then Firewall Manager applies the policy to all accounts except for those specified by the
* ExcludeMap.
*
*
* You can specify account IDs, OUs, or a combination:
*
*
* -
*
* Specify account IDs by setting the key to ACCOUNT. For example, the following is a valid
* map: {“ACCOUNT” : [“accountID1”, “accountID2”]}.
*
*
* -
*
* Specify OUs by setting the key to ORG_UNIT. For example, the following is a valid map:
* {“ORG_UNIT” : [“ouid111”, “ouid112”]}.
*
*
* -
*
* Specify accounts and OUs together in a single map, separated with a comma. For example, the following is
* a valid map: {“ACCOUNT” : [“accountID1”, “accountID2”], “ORG_UNIT” : [“ouid111”, “ouid112”]}
* .
*
*
*/
public final Map> includeMap() {
return CustomerPolicyScopeMapCopier.copyStringToEnum(includeMap);
}
/**
* For responses, this returns true if the service returned a value for the IncludeMap property. This DOES NOT check
* that the value is non-empty (for which, you should check the {@code isEmpty()} method on the property). This is
* useful because the SDK will never return a null collection or map, but you may need to differentiate between the
* service returning nothing (or null) and the service returning an empty collection or map. For requests, this
* returns true if a value for the property was specified in the request builder, and false if a value was not
* specified.
*/
public final boolean hasIncludeMap() {
return includeMap != null && !(includeMap instanceof SdkAutoConstructMap);
}
/**
*
* Specifies the Amazon Web Services account IDs and Organizations organizational units (OUs) to include in the
* policy. Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its child OUs,
* including any child OUs and accounts that are added at a later time.
*
*
* You can specify inclusions or exclusions, but not both. If you specify an IncludeMap, Firewall
* Manager applies the policy to all accounts specified by the IncludeMap, and does not evaluate any
* ExcludeMap specifications. If you do not specify an IncludeMap, then Firewall Manager
* applies the policy to all accounts except for those specified by the ExcludeMap.
*
*
* You can specify account IDs, OUs, or a combination:
*
*
* -
*
* Specify account IDs by setting the key to ACCOUNT. For example, the following is a valid map:
* {“ACCOUNT” : [“accountID1”, “accountID2”]}.
*
*
* -
*
* Specify OUs by setting the key to ORG_UNIT. For example, the following is a valid map:
* {“ORG_UNIT” : [“ouid111”, “ouid112”]}.
*
*
* -
*
* Specify accounts and OUs together in a single map, separated with a comma. For example, the following is a valid
* map: {“ACCOUNT” : [“accountID1”, “accountID2”], “ORG_UNIT” : [“ouid111”, “ouid112”]}.
*
*
*
*
* Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.
*
*
* This method will never return null. If you would like to know whether the service returned this field (so that
* you can differentiate between null and empty), you can use the {@link #hasIncludeMap} method.
*
*
* @return Specifies the Amazon Web Services account IDs and Organizations organizational units (OUs) to include in
* the policy. Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its
* child OUs, including any child OUs and accounts that are added at a later time.
*
* You can specify inclusions or exclusions, but not both. If you specify an IncludeMap,
* Firewall Manager applies the policy to all accounts specified by the IncludeMap, and does
* not evaluate any ExcludeMap specifications. If you do not specify an IncludeMap
* , then Firewall Manager applies the policy to all accounts except for those specified by the
* ExcludeMap.
*
*
* You can specify account IDs, OUs, or a combination:
*
*
* -
*
* Specify account IDs by setting the key to ACCOUNT. For example, the following is a valid
* map: {“ACCOUNT” : [“accountID1”, “accountID2”]}.
*
*
* -
*
* Specify OUs by setting the key to ORG_UNIT. For example, the following is a valid map:
* {“ORG_UNIT” : [“ouid111”, “ouid112”]}.
*
*
* -
*
* Specify accounts and OUs together in a single map, separated with a comma. For example, the following is
* a valid map: {“ACCOUNT” : [“accountID1”, “accountID2”], “ORG_UNIT” : [“ouid111”, “ouid112”]}
* .
*
*
*/
public final Map> includeMapAsStrings() {
return includeMap;
}
/**
*
* Specifies the Amazon Web Services account IDs and Organizations organizational units (OUs) to exclude from the
* policy. Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its child OUs,
* including any child OUs and accounts that are added at a later time.
*
*
* You can specify inclusions or exclusions, but not both. If you specify an IncludeMap, Firewall
* Manager applies the policy to all accounts specified by the IncludeMap, and does not evaluate any
* ExcludeMap specifications. If you do not specify an IncludeMap, then Firewall Manager
* applies the policy to all accounts except for those specified by the ExcludeMap.
*
*
* You can specify account IDs, OUs, or a combination:
*
*
* -
*
* Specify account IDs by setting the key to ACCOUNT. For example, the following is a valid map:
* {“ACCOUNT” : [“accountID1”, “accountID2”]}.
*
*
* -
*
* Specify OUs by setting the key to ORG_UNIT. For example, the following is a valid map:
* {“ORG_UNIT” : [“ouid111”, “ouid112”]}.
*
*
* -
*
* Specify accounts and OUs together in a single map, separated with a comma. For example, the following is a valid
* map: {“ACCOUNT” : [“accountID1”, “accountID2”], “ORG_UNIT” : [“ouid111”, “ouid112”]}.
*
*
*
*
* Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.
*
*
* This method will never return null. If you would like to know whether the service returned this field (so that
* you can differentiate between null and empty), you can use the {@link #hasExcludeMap} method.
*
*
* @return Specifies the Amazon Web Services account IDs and Organizations organizational units (OUs) to exclude
* from the policy. Specifying an OU is the equivalent of specifying all accounts in the OU and in any of
* its child OUs, including any child OUs and accounts that are added at a later time.
*
* You can specify inclusions or exclusions, but not both. If you specify an IncludeMap,
* Firewall Manager applies the policy to all accounts specified by the IncludeMap, and does
* not evaluate any ExcludeMap specifications. If you do not specify an IncludeMap
* , then Firewall Manager applies the policy to all accounts except for those specified by the
* ExcludeMap.
*
*
* You can specify account IDs, OUs, or a combination:
*
*
* -
*
* Specify account IDs by setting the key to ACCOUNT. For example, the following is a valid
* map: {“ACCOUNT” : [“accountID1”, “accountID2”]}.
*
*
* -
*
* Specify OUs by setting the key to ORG_UNIT. For example, the following is a valid map:
* {“ORG_UNIT” : [“ouid111”, “ouid112”]}.
*
*
* -
*
* Specify accounts and OUs together in a single map, separated with a comma. For example, the following is
* a valid map: {“ACCOUNT” : [“accountID1”, “accountID2”], “ORG_UNIT” : [“ouid111”, “ouid112”]}
* .
*
*
*/
public final Map> excludeMap() {
return CustomerPolicyScopeMapCopier.copyStringToEnum(excludeMap);
}
/**
* For responses, this returns true if the service returned a value for the ExcludeMap property. This DOES NOT check
* that the value is non-empty (for which, you should check the {@code isEmpty()} method on the property). This is
* useful because the SDK will never return a null collection or map, but you may need to differentiate between the
* service returning nothing (or null) and the service returning an empty collection or map. For requests, this
* returns true if a value for the property was specified in the request builder, and false if a value was not
* specified.
*/
public final boolean hasExcludeMap() {
return excludeMap != null && !(excludeMap instanceof SdkAutoConstructMap);
}
/**
*
* Specifies the Amazon Web Services account IDs and Organizations organizational units (OUs) to exclude from the
* policy. Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its child OUs,
* including any child OUs and accounts that are added at a later time.
*
*
* You can specify inclusions or exclusions, but not both. If you specify an IncludeMap, Firewall
* Manager applies the policy to all accounts specified by the IncludeMap, and does not evaluate any
* ExcludeMap specifications. If you do not specify an IncludeMap, then Firewall Manager
* applies the policy to all accounts except for those specified by the ExcludeMap.
*
*
* You can specify account IDs, OUs, or a combination:
*
*
* -
*
* Specify account IDs by setting the key to ACCOUNT. For example, the following is a valid map:
* {“ACCOUNT” : [“accountID1”, “accountID2”]}.
*
*
* -
*
* Specify OUs by setting the key to ORG_UNIT. For example, the following is a valid map:
* {“ORG_UNIT” : [“ouid111”, “ouid112”]}.
*
*
* -
*
* Specify accounts and OUs together in a single map, separated with a comma. For example, the following is a valid
* map: {“ACCOUNT” : [“accountID1”, “accountID2”], “ORG_UNIT” : [“ouid111”, “ouid112”]}.
*
*
*
*
* Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.
*
*
* This method will never return null. If you would like to know whether the service returned this field (so that
* you can differentiate between null and empty), you can use the {@link #hasExcludeMap} method.
*
*
* @return Specifies the Amazon Web Services account IDs and Organizations organizational units (OUs) to exclude
* from the policy. Specifying an OU is the equivalent of specifying all accounts in the OU and in any of
* its child OUs, including any child OUs and accounts that are added at a later time.
*
* You can specify inclusions or exclusions, but not both. If you specify an IncludeMap,
* Firewall Manager applies the policy to all accounts specified by the IncludeMap, and does
* not evaluate any ExcludeMap specifications. If you do not specify an IncludeMap
* , then Firewall Manager applies the policy to all accounts except for those specified by the
* ExcludeMap.
*
*
* You can specify account IDs, OUs, or a combination:
*
*
* -
*
* Specify account IDs by setting the key to ACCOUNT. For example, the following is a valid
* map: {“ACCOUNT” : [“accountID1”, “accountID2”]}.
*
*
* -
*
* Specify OUs by setting the key to ORG_UNIT. For example, the following is a valid map:
* {“ORG_UNIT” : [“ouid111”, “ouid112”]}.
*
*
* -
*
* Specify accounts and OUs together in a single map, separated with a comma. For example, the following is
* a valid map: {“ACCOUNT” : [“accountID1”, “accountID2”], “ORG_UNIT” : [“ouid111”, “ouid112”]}
* .
*
*
*/
public final Map> excludeMapAsStrings() {
return excludeMap;
}
/**
* For responses, this returns true if the service returned a value for the ResourceSetIds property. This DOES NOT
* check that the value is non-empty (for which, you should check the {@code isEmpty()} method on the property).
* This is useful because the SDK will never return a null collection or map, but you may need to differentiate
* between the service returning nothing (or null) and the service returning an empty collection or map. For
* requests, this returns true if a value for the property was specified in the request builder, and false if a
* value was not specified.
*/
public final boolean hasResourceSetIds() {
return resourceSetIds != null && !(resourceSetIds instanceof SdkAutoConstructList);
}
/**
*
* The unique identifiers of the resource sets used by the policy.
*
*
* Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.
*
*
* This method will never return null. If you would like to know whether the service returned this field (so that
* you can differentiate between null and empty), you can use the {@link #hasResourceSetIds} method.
*
*
* @return The unique identifiers of the resource sets used by the policy.
*/
public final List resourceSetIds() {
return resourceSetIds;
}
/**
*
* The definition of the Network Firewall firewall policy.
*
*
* @return The definition of the Network Firewall firewall policy.
*/
public final String policyDescription() {
return policyDescription;
}
/**
*
* Indicates whether the policy is in or out of an admin's policy or Region scope.
*
*
* -
*
* ACTIVE - The administrator can manage and delete the policy.
*
*
* -
*
* OUT_OF_ADMIN_SCOPE - The administrator can view the policy, but they can't edit or delete the
* policy. Existing policy protections stay in place. Any new resources that come into scope of the policy won't be
* protected.
*
*
*
*
* If the service returns an enum value that is not available in the current SDK version, {@link #policyStatus} will
* return {@link CustomerPolicyStatus#UNKNOWN_TO_SDK_VERSION}. The raw value returned by the service is available
* from {@link #policyStatusAsString}.
*
*
* @return Indicates whether the policy is in or out of an admin's policy or Region scope.
*
* -
*
* ACTIVE - The administrator can manage and delete the policy.
*
*
* -
*
* OUT_OF_ADMIN_SCOPE - The administrator can view the policy, but they can't edit or delete
* the policy. Existing policy protections stay in place. Any new resources that come into scope of the
* policy won't be protected.
*
*
* @see CustomerPolicyStatus
*/
public final CustomerPolicyStatus policyStatus() {
return CustomerPolicyStatus.fromValue(policyStatus);
}
/**
*
* Indicates whether the policy is in or out of an admin's policy or Region scope.
*
*
* -
*
* ACTIVE - The administrator can manage and delete the policy.
*
*
* -
*
* OUT_OF_ADMIN_SCOPE - The administrator can view the policy, but they can't edit or delete the
* policy. Existing policy protections stay in place. Any new resources that come into scope of the policy won't be
* protected.
*
*
*
*
* If the service returns an enum value that is not available in the current SDK version, {@link #policyStatus} will
* return {@link CustomerPolicyStatus#UNKNOWN_TO_SDK_VERSION}. The raw value returned by the service is available
* from {@link #policyStatusAsString}.
*
*
* @return Indicates whether the policy is in or out of an admin's policy or Region scope.
*
* -
*
* ACTIVE - The administrator can manage and delete the policy.
*
*
* -
*
* OUT_OF_ADMIN_SCOPE - The administrator can view the policy, but they can't edit or delete
* the policy. Existing policy protections stay in place. Any new resources that come into scope of the
* policy won't be protected.
*
*
* @see CustomerPolicyStatus
*/
public final String policyStatusAsString() {
return policyStatus;
}
@Override
public Builder toBuilder() {
return new BuilderImpl(this);
}
public static Builder builder() {
return new BuilderImpl();
}
public static Class serializableBuilderClass() {
return BuilderImpl.class;
}
@Override
public final int hashCode() {
int hashCode = 1;
hashCode = 31 * hashCode + Objects.hashCode(policyId());
hashCode = 31 * hashCode + Objects.hashCode(policyName());
hashCode = 31 * hashCode + Objects.hashCode(policyUpdateToken());
hashCode = 31 * hashCode + Objects.hashCode(securityServicePolicyData());
hashCode = 31 * hashCode + Objects.hashCode(resourceType());
hashCode = 31 * hashCode + Objects.hashCode(hasResourceTypeList() ? resourceTypeList() : null);
hashCode = 31 * hashCode + Objects.hashCode(hasResourceTags() ? resourceTags() : null);
hashCode = 31 * hashCode + Objects.hashCode(excludeResourceTags());
hashCode = 31 * hashCode + Objects.hashCode(remediationEnabled());
hashCode = 31 * hashCode + Objects.hashCode(deleteUnusedFMManagedResources());
hashCode = 31 * hashCode + Objects.hashCode(hasIncludeMap() ? includeMapAsStrings() : null);
hashCode = 31 * hashCode + Objects.hashCode(hasExcludeMap() ? excludeMapAsStrings() : null);
hashCode = 31 * hashCode + Objects.hashCode(hasResourceSetIds() ? resourceSetIds() : null);
hashCode = 31 * hashCode + Objects.hashCode(policyDescription());
hashCode = 31 * hashCode + Objects.hashCode(policyStatusAsString());
return hashCode;
}
@Override
public final boolean equals(Object obj) {
return equalsBySdkFields(obj);
}
@Override
public final boolean equalsBySdkFields(Object obj) {
if (this == obj) {
return true;
}
if (obj == null) {
return false;
}
if (!(obj instanceof Policy)) {
return false;
}
Policy other = (Policy) obj;
return Objects.equals(policyId(), other.policyId()) && Objects.equals(policyName(), other.policyName())
&& Objects.equals(policyUpdateToken(), other.policyUpdateToken())
&& Objects.equals(securityServicePolicyData(), other.securityServicePolicyData())
&& Objects.equals(resourceType(), other.resourceType()) && hasResourceTypeList() == other.hasResourceTypeList()
&& Objects.equals(resourceTypeList(), other.resourceTypeList()) && hasResourceTags() == other.hasResourceTags()
&& Objects.equals(resourceTags(), other.resourceTags())
&& Objects.equals(excludeResourceTags(), other.excludeResourceTags())
&& Objects.equals(remediationEnabled(), other.remediationEnabled())
&& Objects.equals(deleteUnusedFMManagedResources(), other.deleteUnusedFMManagedResources())
&& hasIncludeMap() == other.hasIncludeMap() && Objects.equals(includeMapAsStrings(), other.includeMapAsStrings())
&& hasExcludeMap() == other.hasExcludeMap() && Objects.equals(excludeMapAsStrings(), other.excludeMapAsStrings())
&& hasResourceSetIds() == other.hasResourceSetIds() && Objects.equals(resourceSetIds(), other.resourceSetIds())
&& Objects.equals(policyDescription(), other.policyDescription())
&& Objects.equals(policyStatusAsString(), other.policyStatusAsString());
}
/**
* Returns a string representation of this object. This is useful for testing and debugging. Sensitive data will be
* redacted from this string using a placeholder value.
*/
@Override
public final String toString() {
return ToString.builder("Policy").add("PolicyId", policyId()).add("PolicyName", policyName())
.add("PolicyUpdateToken", policyUpdateToken()).add("SecurityServicePolicyData", securityServicePolicyData())
.add("ResourceType", resourceType()).add("ResourceTypeList", hasResourceTypeList() ? resourceTypeList() : null)
.add("ResourceTags", hasResourceTags() ? resourceTags() : null).add("ExcludeResourceTags", excludeResourceTags())
.add("RemediationEnabled", remediationEnabled())
.add("DeleteUnusedFMManagedResources", deleteUnusedFMManagedResources())
.add("IncludeMap", hasIncludeMap() ? includeMapAsStrings() : null)
.add("ExcludeMap", hasExcludeMap() ? excludeMapAsStrings() : null)
.add("ResourceSetIds", hasResourceSetIds() ? resourceSetIds() : null)
.add("PolicyDescription", policyDescription()).add("PolicyStatus", policyStatusAsString()).build();
}
public final Optional getValueForField(String fieldName, Class clazz) {
switch (fieldName) {
case "PolicyId":
return Optional.ofNullable(clazz.cast(policyId()));
case "PolicyName":
return Optional.ofNullable(clazz.cast(policyName()));
case "PolicyUpdateToken":
return Optional.ofNullable(clazz.cast(policyUpdateToken()));
case "SecurityServicePolicyData":
return Optional.ofNullable(clazz.cast(securityServicePolicyData()));
case "ResourceType":
return Optional.ofNullable(clazz.cast(resourceType()));
case "ResourceTypeList":
return Optional.ofNullable(clazz.cast(resourceTypeList()));
case "ResourceTags":
return Optional.ofNullable(clazz.cast(resourceTags()));
case "ExcludeResourceTags":
return Optional.ofNullable(clazz.cast(excludeResourceTags()));
case "RemediationEnabled":
return Optional.ofNullable(clazz.cast(remediationEnabled()));
case "DeleteUnusedFMManagedResources":
return Optional.ofNullable(clazz.cast(deleteUnusedFMManagedResources()));
case "IncludeMap":
return Optional.ofNullable(clazz.cast(includeMapAsStrings()));
case "ExcludeMap":
return Optional.ofNullable(clazz.cast(excludeMapAsStrings()));
case "ResourceSetIds":
return Optional.ofNullable(clazz.cast(resourceSetIds()));
case "PolicyDescription":
return Optional.ofNullable(clazz.cast(policyDescription()));
case "PolicyStatus":
return Optional.ofNullable(clazz.cast(policyStatusAsString()));
default:
return Optional.empty();
}
}
@Override
public final List> sdkFields() {
return SDK_FIELDS;
}
private static Function getter(Function g) {
return obj -> g.apply((Policy) obj);
}
private static BiConsumer setter(BiConsumer s) {
return (obj, val) -> s.accept((Builder) obj, val);
}
public interface Builder extends SdkPojo, CopyableBuilder {
/**
*
* The ID of the Firewall Manager policy.
*
*
* @param policyId
* The ID of the Firewall Manager policy.
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder policyId(String policyId);
/**
*
* The name of the Firewall Manager policy.
*
*
* @param policyName
* The name of the Firewall Manager policy.
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder policyName(String policyName);
/**
*
* A unique identifier for each update to the policy. When issuing a PutPolicy request, the
* PolicyUpdateToken in the request must match the PolicyUpdateToken of the current
* policy version. To get the PolicyUpdateToken of the current policy version, use a
* GetPolicy request.
*
*
* @param policyUpdateToken
* A unique identifier for each update to the policy. When issuing a PutPolicy request, the
* PolicyUpdateToken in the request must match the PolicyUpdateToken of the
* current policy version. To get the PolicyUpdateToken of the current policy version, use a
* GetPolicy request.
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder policyUpdateToken(String policyUpdateToken);
/**
*
* Details about the security service that is being used to protect the resources.
*
*
* @param securityServicePolicyData
* Details about the security service that is being used to protect the resources.
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder securityServicePolicyData(SecurityServicePolicyData securityServicePolicyData);
/**
*
* Details about the security service that is being used to protect the resources.
*
* This is a convenience method that creates an instance of the {@link SecurityServicePolicyData.Builder}
* avoiding the need to create one manually via {@link SecurityServicePolicyData#builder()}.
*
*
* When the {@link Consumer} completes, {@link SecurityServicePolicyData.Builder#build()} is called immediately
* and its result is passed to {@link #securityServicePolicyData(SecurityServicePolicyData)}.
*
* @param securityServicePolicyData
* a consumer that will call methods on {@link SecurityServicePolicyData.Builder}
* @return Returns a reference to this object so that method calls can be chained together.
* @see #securityServicePolicyData(SecurityServicePolicyData)
*/
default Builder securityServicePolicyData(Consumer securityServicePolicyData) {
return securityServicePolicyData(SecurityServicePolicyData.builder().applyMutation(securityServicePolicyData).build());
}
/**
*
* The type of resource protected by or in scope of the policy. This is in the format shown in the Amazon Web Services Resource Types Reference. To apply this policy to multiple resource types, specify a
* resource type of ResourceTypeList and then specify the resource types in a
* ResourceTypeList.
*
*
* For WAF and Shield Advanced, resource types include AWS::ElasticLoadBalancingV2::LoadBalancer,
* AWS::ElasticLoadBalancing::LoadBalancer, AWS::EC2::EIP, and
* AWS::CloudFront::Distribution. For a security group common policy, valid values are
* AWS::EC2::NetworkInterface and AWS::EC2::Instance. For a security group content
* audit policy, valid values are AWS::EC2::SecurityGroup, AWS::EC2::NetworkInterface,
* and AWS::EC2::Instance. For a security group usage audit policy, the value is
* AWS::EC2::SecurityGroup. For an Network Firewall policy or DNS Firewall policy, the value is
* AWS::EC2::VPC.
*
*
* @param resourceType
* The type of resource protected by or in scope of the policy. This is in the format shown in the Amazon Web Services Resource Types Reference. To apply this policy to multiple resource types,
* specify a resource type of ResourceTypeList and then specify the resource types in a
* ResourceTypeList.
*
* For WAF and Shield Advanced, resource types include
* AWS::ElasticLoadBalancingV2::LoadBalancer,
* AWS::ElasticLoadBalancing::LoadBalancer, AWS::EC2::EIP, and
* AWS::CloudFront::Distribution. For a security group common policy, valid values are
* AWS::EC2::NetworkInterface and AWS::EC2::Instance. For a security group
* content audit policy, valid values are AWS::EC2::SecurityGroup,
* AWS::EC2::NetworkInterface, and AWS::EC2::Instance. For a security group
* usage audit policy, the value is AWS::EC2::SecurityGroup. For an Network Firewall policy
* or DNS Firewall policy, the value is AWS::EC2::VPC.
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder resourceType(String resourceType);
/**
*
* An array of ResourceType objects. Use this only to specify multiple resource types. To specify a
* single resource type, use ResourceType.
*
*
* @param resourceTypeList
* An array of ResourceType objects. Use this only to specify multiple resource types. To
* specify a single resource type, use ResourceType.
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder resourceTypeList(Collection resourceTypeList);
/**
*
* An array of ResourceType objects. Use this only to specify multiple resource types. To specify a
* single resource type, use ResourceType.
*
*
* @param resourceTypeList
* An array of ResourceType objects. Use this only to specify multiple resource types. To
* specify a single resource type, use ResourceType.
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder resourceTypeList(String... resourceTypeList);
/**
*
* An array of ResourceTag objects.
*
*
* @param resourceTags
* An array of ResourceTag objects.
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder resourceTags(Collection resourceTags);
/**
*
* An array of ResourceTag objects.
*
*
* @param resourceTags
* An array of ResourceTag objects.
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder resourceTags(ResourceTag... resourceTags);
/**
*
* An array of ResourceTag objects.
*
* This is a convenience method that creates an instance of the
* {@link software.amazon.awssdk.services.fms.model.ResourceTag.Builder} avoiding the need to create one
* manually via {@link software.amazon.awssdk.services.fms.model.ResourceTag#builder()}.
*
*
* When the {@link Consumer} completes,
* {@link software.amazon.awssdk.services.fms.model.ResourceTag.Builder#build()} is called immediately and its
* result is passed to {@link #resourceTags(List)}.
*
* @param resourceTags
* a consumer that will call methods on
* {@link software.amazon.awssdk.services.fms.model.ResourceTag.Builder}
* @return Returns a reference to this object so that method calls can be chained together.
* @see #resourceTags(java.util.Collection)
*/
Builder resourceTags(Consumer... resourceTags);
/**
*
* If set to True, resources with the tags that are specified in the ResourceTag array
* are not in scope of the policy. If set to False, and the ResourceTag array is not
* null, only resources with the specified tags are in scope of the policy.
*
*
* @param excludeResourceTags
* If set to True, resources with the tags that are specified in the
* ResourceTag array are not in scope of the policy. If set to False, and the
* ResourceTag array is not null, only resources with the specified tags are in scope of the
* policy.
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder excludeResourceTags(Boolean excludeResourceTags);
/**
*
* Indicates if the policy should be automatically applied to new resources.
*
*
* @param remediationEnabled
* Indicates if the policy should be automatically applied to new resources.
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder remediationEnabled(Boolean remediationEnabled);
/**
*
* Indicates whether Firewall Manager should automatically remove protections from resources that leave the
* policy scope and clean up resources that Firewall Manager is managing for accounts when those accounts leave
* policy scope. For example, Firewall Manager will disassociate a Firewall Manager managed web ACL from a
* protected customer resource when the customer resource leaves policy scope.
*
*
* By default, Firewall Manager doesn't remove protections or delete Firewall Manager managed resources.
*
*
* This option is not available for Shield Advanced or WAF Classic policies.
*
*
* @param deleteUnusedFMManagedResources
* Indicates whether Firewall Manager should automatically remove protections from resources that leave
* the policy scope and clean up resources that Firewall Manager is managing for accounts when those
* accounts leave policy scope. For example, Firewall Manager will disassociate a Firewall Manager
* managed web ACL from a protected customer resource when the customer resource leaves policy scope.
*
*
* By default, Firewall Manager doesn't remove protections or delete Firewall Manager managed resources.
*
*
* This option is not available for Shield Advanced or WAF Classic policies.
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder deleteUnusedFMManagedResources(Boolean deleteUnusedFMManagedResources);
/**
*
* Specifies the Amazon Web Services account IDs and Organizations organizational units (OUs) to include in the
* policy. Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its child OUs,
* including any child OUs and accounts that are added at a later time.
*
*
* You can specify inclusions or exclusions, but not both. If you specify an IncludeMap, Firewall
* Manager applies the policy to all accounts specified by the IncludeMap, and does not evaluate
* any ExcludeMap specifications. If you do not specify an IncludeMap, then Firewall
* Manager applies the policy to all accounts except for those specified by the ExcludeMap.
*
*
* You can specify account IDs, OUs, or a combination:
*
*
* -
*
* Specify account IDs by setting the key to ACCOUNT. For example, the following is a valid map:
* {“ACCOUNT” : [“accountID1”, “accountID2”]}.
*
*
* -
*
* Specify OUs by setting the key to ORG_UNIT. For example, the following is a valid map:
* {“ORG_UNIT” : [“ouid111”, “ouid112”]}.
*
*
* -
*
* Specify accounts and OUs together in a single map, separated with a comma. For example, the following is a
* valid map: {“ACCOUNT” : [“accountID1”, “accountID2”], “ORG_UNIT” : [“ouid111”, “ouid112”]}.
*
*
*
*
* @param includeMap
* Specifies the Amazon Web Services account IDs and Organizations organizational units (OUs) to include
* in the policy. Specifying an OU is the equivalent of specifying all accounts in the OU and in any of
* its child OUs, including any child OUs and accounts that are added at a later time.
*
* You can specify inclusions or exclusions, but not both. If you specify an IncludeMap,
* Firewall Manager applies the policy to all accounts specified by the IncludeMap, and does
* not evaluate any ExcludeMap specifications. If you do not specify an
* IncludeMap, then Firewall Manager applies the policy to all accounts except for those
* specified by the ExcludeMap.
*
*
* You can specify account IDs, OUs, or a combination:
*
*
* -
*
* Specify account IDs by setting the key to ACCOUNT. For example, the following is a valid
* map: {“ACCOUNT” : [“accountID1”, “accountID2”]}.
*
*
* -
*
* Specify OUs by setting the key to ORG_UNIT. For example, the following is a valid map:
* {“ORG_UNIT” : [“ouid111”, “ouid112”]}.
*
*
* -
*
* Specify accounts and OUs together in a single map, separated with a comma. For example, the following
* is a valid map:
* {“ACCOUNT” : [“accountID1”, “accountID2”], “ORG_UNIT” : [“ouid111”, “ouid112”]}.
*
*
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder includeMapWithStrings(Map> includeMap);
/**
*
* Specifies the Amazon Web Services account IDs and Organizations organizational units (OUs) to include in the
* policy. Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its child OUs,
* including any child OUs and accounts that are added at a later time.
*
*
* You can specify inclusions or exclusions, but not both. If you specify an IncludeMap, Firewall
* Manager applies the policy to all accounts specified by the IncludeMap, and does not evaluate
* any ExcludeMap specifications. If you do not specify an IncludeMap, then Firewall
* Manager applies the policy to all accounts except for those specified by the ExcludeMap.
*
*
* You can specify account IDs, OUs, or a combination:
*
*
* -
*
* Specify account IDs by setting the key to ACCOUNT. For example, the following is a valid map:
* {“ACCOUNT” : [“accountID1”, “accountID2”]}.
*
*
* -
*
* Specify OUs by setting the key to ORG_UNIT. For example, the following is a valid map:
* {“ORG_UNIT” : [“ouid111”, “ouid112”]}.
*
*
* -
*
* Specify accounts and OUs together in a single map, separated with a comma. For example, the following is a
* valid map: {“ACCOUNT” : [“accountID1”, “accountID2”], “ORG_UNIT” : [“ouid111”, “ouid112”]}.
*
*
*
*
* @param includeMap
* Specifies the Amazon Web Services account IDs and Organizations organizational units (OUs) to include
* in the policy. Specifying an OU is the equivalent of specifying all accounts in the OU and in any of
* its child OUs, including any child OUs and accounts that are added at a later time.
*
* You can specify inclusions or exclusions, but not both. If you specify an IncludeMap,
* Firewall Manager applies the policy to all accounts specified by the IncludeMap, and does
* not evaluate any ExcludeMap specifications. If you do not specify an
* IncludeMap, then Firewall Manager applies the policy to all accounts except for those
* specified by the ExcludeMap.
*
*
* You can specify account IDs, OUs, or a combination:
*
*
* -
*
* Specify account IDs by setting the key to ACCOUNT. For example, the following is a valid
* map: {“ACCOUNT” : [“accountID1”, “accountID2”]}.
*
*
* -
*
* Specify OUs by setting the key to ORG_UNIT. For example, the following is a valid map:
* {“ORG_UNIT” : [“ouid111”, “ouid112”]}.
*
*
* -
*
* Specify accounts and OUs together in a single map, separated with a comma. For example, the following
* is a valid map:
* {“ACCOUNT” : [“accountID1”, “accountID2”], “ORG_UNIT” : [“ouid111”, “ouid112”]}.
*
*
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder includeMap(Map> includeMap);
/**
*
* Specifies the Amazon Web Services account IDs and Organizations organizational units (OUs) to exclude from
* the policy. Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its child
* OUs, including any child OUs and accounts that are added at a later time.
*
*
* You can specify inclusions or exclusions, but not both. If you specify an IncludeMap, Firewall
* Manager applies the policy to all accounts specified by the IncludeMap, and does not evaluate
* any ExcludeMap specifications. If you do not specify an IncludeMap, then Firewall
* Manager applies the policy to all accounts except for those specified by the ExcludeMap.
*
*
* You can specify account IDs, OUs, or a combination:
*
*
* -
*
* Specify account IDs by setting the key to ACCOUNT. For example, the following is a valid map:
* {“ACCOUNT” : [“accountID1”, “accountID2”]}.
*
*
* -
*
* Specify OUs by setting the key to ORG_UNIT. For example, the following is a valid map:
* {“ORG_UNIT” : [“ouid111”, “ouid112”]}.
*
*
* -
*
* Specify accounts and OUs together in a single map, separated with a comma. For example, the following is a
* valid map: {“ACCOUNT” : [“accountID1”, “accountID2”], “ORG_UNIT” : [“ouid111”, “ouid112”]}.
*
*
*
*
* @param excludeMap
* Specifies the Amazon Web Services account IDs and Organizations organizational units (OUs) to exclude
* from the policy. Specifying an OU is the equivalent of specifying all accounts in the OU and in any of
* its child OUs, including any child OUs and accounts that are added at a later time.
*
* You can specify inclusions or exclusions, but not both. If you specify an IncludeMap,
* Firewall Manager applies the policy to all accounts specified by the IncludeMap, and does
* not evaluate any ExcludeMap specifications. If you do not specify an
* IncludeMap, then Firewall Manager applies the policy to all accounts except for those
* specified by the ExcludeMap.
*
*
* You can specify account IDs, OUs, or a combination:
*
*
* -
*
* Specify account IDs by setting the key to ACCOUNT. For example, the following is a valid
* map: {“ACCOUNT” : [“accountID1”, “accountID2”]}.
*
*
* -
*
* Specify OUs by setting the key to ORG_UNIT. For example, the following is a valid map:
* {“ORG_UNIT” : [“ouid111”, “ouid112”]}.
*
*
* -
*
* Specify accounts and OUs together in a single map, separated with a comma. For example, the following
* is a valid map:
* {“ACCOUNT” : [“accountID1”, “accountID2”], “ORG_UNIT” : [“ouid111”, “ouid112”]}.
*
*
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder excludeMapWithStrings(Map> excludeMap);
/**
*
* Specifies the Amazon Web Services account IDs and Organizations organizational units (OUs) to exclude from
* the policy. Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its child
* OUs, including any child OUs and accounts that are added at a later time.
*
*
* You can specify inclusions or exclusions, but not both. If you specify an IncludeMap, Firewall
* Manager applies the policy to all accounts specified by the IncludeMap, and does not evaluate
* any ExcludeMap specifications. If you do not specify an IncludeMap, then Firewall
* Manager applies the policy to all accounts except for those specified by the ExcludeMap.
*
*
* You can specify account IDs, OUs, or a combination:
*
*
* -
*
* Specify account IDs by setting the key to ACCOUNT. For example, the following is a valid map:
* {“ACCOUNT” : [“accountID1”, “accountID2”]}.
*
*
* -
*
* Specify OUs by setting the key to ORG_UNIT. For example, the following is a valid map:
* {“ORG_UNIT” : [“ouid111”, “ouid112”]}.
*
*
* -
*
* Specify accounts and OUs together in a single map, separated with a comma. For example, the following is a
* valid map: {“ACCOUNT” : [“accountID1”, “accountID2”], “ORG_UNIT” : [“ouid111”, “ouid112”]}.
*
*
*
*
* @param excludeMap
* Specifies the Amazon Web Services account IDs and Organizations organizational units (OUs) to exclude
* from the policy. Specifying an OU is the equivalent of specifying all accounts in the OU and in any of
* its child OUs, including any child OUs and accounts that are added at a later time.
*
* You can specify inclusions or exclusions, but not both. If you specify an IncludeMap,
* Firewall Manager applies the policy to all accounts specified by the IncludeMap, and does
* not evaluate any ExcludeMap specifications. If you do not specify an
* IncludeMap, then Firewall Manager applies the policy to all accounts except for those
* specified by the ExcludeMap.
*
*
* You can specify account IDs, OUs, or a combination:
*
*
* -
*
* Specify account IDs by setting the key to ACCOUNT. For example, the following is a valid
* map: {“ACCOUNT” : [“accountID1”, “accountID2”]}.
*
*
* -
*
* Specify OUs by setting the key to ORG_UNIT. For example, the following is a valid map:
* {“ORG_UNIT” : [“ouid111”, “ouid112”]}.
*
*
* -
*
* Specify accounts and OUs together in a single map, separated with a comma. For example, the following
* is a valid map:
* {“ACCOUNT” : [“accountID1”, “accountID2”], “ORG_UNIT” : [“ouid111”, “ouid112”]}.
*
*
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder excludeMap(Map> excludeMap);
/**
*
* The unique identifiers of the resource sets used by the policy.
*
*
* @param resourceSetIds
* The unique identifiers of the resource sets used by the policy.
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder resourceSetIds(Collection resourceSetIds);
/**
*
* The unique identifiers of the resource sets used by the policy.
*
*
* @param resourceSetIds
* The unique identifiers of the resource sets used by the policy.
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder resourceSetIds(String... resourceSetIds);
/**
*
* The definition of the Network Firewall firewall policy.
*
*
* @param policyDescription
* The definition of the Network Firewall firewall policy.
* @return Returns a reference to this object so that method calls can be chained together.
*/
Builder policyDescription(String policyDescription);
/**
*
* Indicates whether the policy is in or out of an admin's policy or Region scope.
*
*
* -
*
* ACTIVE - The administrator can manage and delete the policy.
*
*
* -
*
* OUT_OF_ADMIN_SCOPE - The administrator can view the policy, but they can't edit or delete the
* policy. Existing policy protections stay in place. Any new resources that come into scope of the policy won't
* be protected.
*
*
*
*
* @param policyStatus
* Indicates whether the policy is in or out of an admin's policy or Region scope.
*
* -
*
* ACTIVE - The administrator can manage and delete the policy.
*
*
* -
*
* OUT_OF_ADMIN_SCOPE - The administrator can view the policy, but they can't edit or delete
* the policy. Existing policy protections stay in place. Any new resources that come into scope of the
* policy won't be protected.
*
*
* @see CustomerPolicyStatus
* @return Returns a reference to this object so that method calls can be chained together.
* @see CustomerPolicyStatus
*/
Builder policyStatus(String policyStatus);
/**
*
* Indicates whether the policy is in or out of an admin's policy or Region scope.
*
*
* -
*
* ACTIVE - The administrator can manage and delete the policy.
*
*
* -
*
* OUT_OF_ADMIN_SCOPE - The administrator can view the policy, but they can't edit or delete the
* policy. Existing policy protections stay in place. Any new resources that come into scope of the policy won't
* be protected.
*
*
*
*
* @param policyStatus
* Indicates whether the policy is in or out of an admin's policy or Region scope.
*
* -
*
* ACTIVE - The administrator can manage and delete the policy.
*
*
* -
*
* OUT_OF_ADMIN_SCOPE - The administrator can view the policy, but they can't edit or delete
* the policy. Existing policy protections stay in place. Any new resources that come into scope of the
* policy won't be protected.
*
*
* @see CustomerPolicyStatus
* @return Returns a reference to this object so that method calls can be chained together.
* @see CustomerPolicyStatus
*/
Builder policyStatus(CustomerPolicyStatus policyStatus);
}
static final class BuilderImpl implements Builder {
private String policyId;
private String policyName;
private String policyUpdateToken;
private SecurityServicePolicyData securityServicePolicyData;
private String resourceType;
private List resourceTypeList = DefaultSdkAutoConstructList.getInstance();
private List resourceTags = DefaultSdkAutoConstructList.getInstance();
private Boolean excludeResourceTags;
private Boolean remediationEnabled;
private Boolean deleteUnusedFMManagedResources;
private Map> includeMap = DefaultSdkAutoConstructMap.getInstance();
private Map> excludeMap = DefaultSdkAutoConstructMap.getInstance();
private List resourceSetIds = DefaultSdkAutoConstructList.getInstance();
private String policyDescription;
private String policyStatus;
private BuilderImpl() {
}
private BuilderImpl(Policy model) {
policyId(model.policyId);
policyName(model.policyName);
policyUpdateToken(model.policyUpdateToken);
securityServicePolicyData(model.securityServicePolicyData);
resourceType(model.resourceType);
resourceTypeList(model.resourceTypeList);
resourceTags(model.resourceTags);
excludeResourceTags(model.excludeResourceTags);
remediationEnabled(model.remediationEnabled);
deleteUnusedFMManagedResources(model.deleteUnusedFMManagedResources);
includeMapWithStrings(model.includeMap);
excludeMapWithStrings(model.excludeMap);
resourceSetIds(model.resourceSetIds);
policyDescription(model.policyDescription);
policyStatus(model.policyStatus);
}
public final String getPolicyId() {
return policyId;
}
public final void setPolicyId(String policyId) {
this.policyId = policyId;
}
@Override
public final Builder policyId(String policyId) {
this.policyId = policyId;
return this;
}
public final String getPolicyName() {
return policyName;
}
public final void setPolicyName(String policyName) {
this.policyName = policyName;
}
@Override
public final Builder policyName(String policyName) {
this.policyName = policyName;
return this;
}
public final String getPolicyUpdateToken() {
return policyUpdateToken;
}
public final void setPolicyUpdateToken(String policyUpdateToken) {
this.policyUpdateToken = policyUpdateToken;
}
@Override
public final Builder policyUpdateToken(String policyUpdateToken) {
this.policyUpdateToken = policyUpdateToken;
return this;
}
public final SecurityServicePolicyData.Builder getSecurityServicePolicyData() {
return securityServicePolicyData != null ? securityServicePolicyData.toBuilder() : null;
}
public final void setSecurityServicePolicyData(SecurityServicePolicyData.BuilderImpl securityServicePolicyData) {
this.securityServicePolicyData = securityServicePolicyData != null ? securityServicePolicyData.build() : null;
}
@Override
public final Builder securityServicePolicyData(SecurityServicePolicyData securityServicePolicyData) {
this.securityServicePolicyData = securityServicePolicyData;
return this;
}
public final String getResourceType() {
return resourceType;
}
public final void setResourceType(String resourceType) {
this.resourceType = resourceType;
}
@Override
public final Builder resourceType(String resourceType) {
this.resourceType = resourceType;
return this;
}
public final Collection getResourceTypeList() {
if (resourceTypeList instanceof SdkAutoConstructList) {
return null;
}
return resourceTypeList;
}
public final void setResourceTypeList(Collection resourceTypeList) {
this.resourceTypeList = ResourceTypeListCopier.copy(resourceTypeList);
}
@Override
public final Builder resourceTypeList(Collection resourceTypeList) {
this.resourceTypeList = ResourceTypeListCopier.copy(resourceTypeList);
return this;
}
@Override
@SafeVarargs
public final Builder resourceTypeList(String... resourceTypeList) {
resourceTypeList(Arrays.asList(resourceTypeList));
return this;
}
public final List getResourceTags() {
List result = ResourceTagsCopier.copyToBuilder(this.resourceTags);
if (result instanceof SdkAutoConstructList) {
return null;
}
return result;
}
public final void setResourceTags(Collection resourceTags) {
this.resourceTags = ResourceTagsCopier.copyFromBuilder(resourceTags);
}
@Override
public final Builder resourceTags(Collection resourceTags) {
this.resourceTags = ResourceTagsCopier.copy(resourceTags);
return this;
}
@Override
@SafeVarargs
public final Builder resourceTags(ResourceTag... resourceTags) {
resourceTags(Arrays.asList(resourceTags));
return this;
}
@Override
@SafeVarargs
public final Builder resourceTags(Consumer... resourceTags) {
resourceTags(Stream.of(resourceTags).map(c -> ResourceTag.builder().applyMutation(c).build())
.collect(Collectors.toList()));
return this;
}
public final Boolean getExcludeResourceTags() {
return excludeResourceTags;
}
public final void setExcludeResourceTags(Boolean excludeResourceTags) {
this.excludeResourceTags = excludeResourceTags;
}
@Override
public final Builder excludeResourceTags(Boolean excludeResourceTags) {
this.excludeResourceTags = excludeResourceTags;
return this;
}
public final Boolean getRemediationEnabled() {
return remediationEnabled;
}
public final void setRemediationEnabled(Boolean remediationEnabled) {
this.remediationEnabled = remediationEnabled;
}
@Override
public final Builder remediationEnabled(Boolean remediationEnabled) {
this.remediationEnabled = remediationEnabled;
return this;
}
public final Boolean getDeleteUnusedFMManagedResources() {
return deleteUnusedFMManagedResources;
}
public final void setDeleteUnusedFMManagedResources(Boolean deleteUnusedFMManagedResources) {
this.deleteUnusedFMManagedResources = deleteUnusedFMManagedResources;
}
@Override
public final Builder deleteUnusedFMManagedResources(Boolean deleteUnusedFMManagedResources) {
this.deleteUnusedFMManagedResources = deleteUnusedFMManagedResources;
return this;
}
public final Map> getIncludeMap() {
if (includeMap instanceof SdkAutoConstructMap) {
return null;
}
return includeMap;
}
public final void setIncludeMap(Map> includeMap) {
this.includeMap = CustomerPolicyScopeMapCopier.copy(includeMap);
}
@Override
public final Builder includeMapWithStrings(Map> includeMap) {
this.includeMap = CustomerPolicyScopeMapCopier.copy(includeMap);
return this;
}
@Override
public final Builder includeMap(Map> includeMap) {
this.includeMap = CustomerPolicyScopeMapCopier.copyEnumToString(includeMap);
return this;
}
public final Map> getExcludeMap() {
if (excludeMap instanceof SdkAutoConstructMap) {
return null;
}
return excludeMap;
}
public final void setExcludeMap(Map> excludeMap) {
this.excludeMap = CustomerPolicyScopeMapCopier.copy(excludeMap);
}
@Override
public final Builder excludeMapWithStrings(Map> excludeMap) {
this.excludeMap = CustomerPolicyScopeMapCopier.copy(excludeMap);
return this;
}
@Override
public final Builder excludeMap(Map> excludeMap) {
this.excludeMap = CustomerPolicyScopeMapCopier.copyEnumToString(excludeMap);
return this;
}
public final Collection getResourceSetIds() {
if (resourceSetIds instanceof SdkAutoConstructList) {
return null;
}
return resourceSetIds;
}
public final void setResourceSetIds(Collection resourceSetIds) {
this.resourceSetIds = ResourceSetIdsCopier.copy(resourceSetIds);
}
@Override
public final Builder resourceSetIds(Collection resourceSetIds) {
this.resourceSetIds = ResourceSetIdsCopier.copy(resourceSetIds);
return this;
}
@Override
@SafeVarargs
public final Builder resourceSetIds(String... resourceSetIds) {
resourceSetIds(Arrays.asList(resourceSetIds));
return this;
}
public final String getPolicyDescription() {
return policyDescription;
}
public final void setPolicyDescription(String policyDescription) {
this.policyDescription = policyDescription;
}
@Override
public final Builder policyDescription(String policyDescription) {
this.policyDescription = policyDescription;
return this;
}
public final String getPolicyStatus() {
return policyStatus;
}
public final void setPolicyStatus(String policyStatus) {
this.policyStatus = policyStatus;
}
@Override
public final Builder policyStatus(String policyStatus) {
this.policyStatus = policyStatus;
return this;
}
@Override
public final Builder policyStatus(CustomerPolicyStatus policyStatus) {
this.policyStatus(policyStatus == null ? null : policyStatus.toString());
return this;
}
@Override
public Policy build() {
return new Policy(this);
}
@Override
public List> sdkFields() {
return SDK_FIELDS;
}
}
}