Adds deletion protection support to policy stores. Deletion protection is disabled by default, can be enabled via the CreatePolicyStore or UpdatePolicyStore APIs, and is visible in GetPolicyStore.

Author: aws-sdk-dotnet-automation

generator/ServiceModels/verifiedpermissions/verifiedpermissions-2021-12-01.api.json

@@ -183,6 +183,7 @@
       "output":{"shape":"DeletePolicyStoreOutput"},
       "errors":[
         {"shape":"ValidationException"},
+        {"shape":"InvalidStateException"},
         {"shape":"AccessDeniedException"},
         {"shape":"ThrottlingException"},
         {"shape":"InternalServerException"}
@@ -941,7 +942,8 @@
           "idempotencyToken":true
         },
         "validationSettings":{"shape":"ValidationSettings"},
-        "description":{"shape":"PolicyStoreDescription"}
+        "description":{"shape":"PolicyStoreDescription"},
+        "deletionProtection":{"shape":"DeletionProtection"}
       }
     },
     "CreatePolicyStoreOutput":{
@@ -1064,6 +1066,13 @@
       "members":{
       }
     },
+    "DeletionProtection":{
+      "type":"string",
+      "enum":[
+        "ENABLED",
+        "DISABLED"
+      ]
+    },
     "DeterminingPolicyItem":{
       "type":"structure",
       "required":["policyId"],
@@ -1248,7 +1257,8 @@
         "validationSettings":{"shape":"ValidationSettings"},
         "createdDate":{"shape":"TimestampFormat"},
         "lastUpdatedDate":{"shape":"TimestampFormat"},
-        "description":{"shape":"PolicyStoreDescription"}
+        "description":{"shape":"PolicyStoreDescription"},
+        "deletionProtection":{"shape":"DeletionProtection"}
       }
     },
     "GetPolicyTemplateInput":{
@@ -1425,6 +1435,14 @@
       "fault":true,
       "retryable":{"throttling":false}
     },
+    "InvalidStateException":{
+      "type":"structure",
+      "required":["message"],
+      "members":{
+        "message":{"shape":"String"}
+      },
+      "exception":true
+    },
     "IpAddr":{
       "type":"string",
       "max":44,
@@ -2230,6 +2248,7 @@
       "members":{
         "policyStoreId":{"shape":"PolicyStoreId"},
         "validationSettings":{"shape":"ValidationSettings"},
+        "deletionProtection":{"shape":"DeletionProtection"},
         "description":{"shape":"PolicyStoreDescription"}
       }
     },

generator/ServiceModels/verifiedpermissions/verifiedpermissions-2021-12-01.docs.json

@@ -439,6 +439,14 @@
       "refs": {
       }
     },
+    "DeletionProtection": {
+      "base": null,
+      "refs": {
+        "CreatePolicyStoreInput$deletionProtection": "<p>Specifies whether the policy store can be deleted. If enabled, the policy store can't be deleted.</p> <p>The default state is <code>DISABLED</code>.</p>",
+        "GetPolicyStoreOutput$deletionProtection": "<p>Specifies whether the policy store can be deleted. If enabled, the policy store can't be deleted.</p> <p>The default state is <code>DISABLED</code>.</p>",
+        "UpdatePolicyStoreInput$deletionProtection": "<p>Specifies whether the policy store can be deleted. If enabled, the policy store can't be deleted.</p> <p>When you call <code>UpdatePolicyStore</code>, this parameter is unchanged unless explicitly included in the call.</p>"
+      }
+    },
     "DeterminingPolicyItem": {
       "base": "<p>Contains information about one of the policies that determined an authorization decision.</p> <p>This data type is used as an element in a response parameter for the <a href=\"https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_IsAuthorized.html\">IsAuthorized</a>, <a href=\"https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_BatchIsAuthorized.html\">BatchIsAuthorized</a>, and <a href=\"https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_IsAuthorizedWithToken.html\">IsAuthorizedWithToken</a> operations.</p> <p>Example: <code>\"determiningPolicies\":[{\"policyId\":\"SPEXAMPLEabcdefg111111\"}]</code> </p>",
       "refs": {
@@ -687,6 +695,11 @@
       "refs": {
       }
     },
+    "InvalidStateException": {
+      "base": "<p>The policy store can't be deleted because deletion protection is enabled. To delete this policy store, disable deletion protection.</p>",
+      "refs": {
+      }
+    },
     "IpAddr": {
       "base": null,
       "refs": {
@@ -1226,6 +1239,7 @@
         "EntityAttributes$key": null,
         "EvaluationErrorItem$errorDescription": "<p>The error description.</p>",
         "InternalServerException$message": null,
+        "InvalidStateException$message": null,
         "RecordAttribute$key": null,
         "ResourceConflict$resourceId": "<p>The unique identifier of the resource involved in a conflict.</p>",
         "ResourceNotFoundException$message": null,

generator/ServiceModels/verifiedpermissions/verifiedpermissions-2021-12-01.normal.json

@@ -192,6 +192,7 @@
       "output":{"shape":"DeletePolicyStoreOutput"},
       "errors":[
         {"shape":"ValidationException"},
+        {"shape":"InvalidStateException"},
         {"shape":"AccessDeniedException"},
         {"shape":"ThrottlingException"},
         {"shape":"InternalServerException"}
@@ -1274,6 +1275,10 @@
         "description":{
           "shape":"PolicyStoreDescription",
           "documentation":"<p>Descriptive text that you can provide to help with identification of the current policy store.</p>"
+        },
+        "deletionProtection":{
+          "shape":"DeletionProtection",
+          "documentation":"<p>Specifies whether the policy store can be deleted. If enabled, the policy store can't be deleted.</p> <p>The default state is <code>DISABLED</code>.</p>"
         }
       }
     },
@@ -1452,6 +1457,13 @@
       "members":{
       }
     },
+    "DeletionProtection":{
+      "type":"string",
+      "enum":[
+        "ENABLED",
+        "DISABLED"
+      ]
+    },
     "DeterminingPolicyItem":{
       "type":"structure",
       "required":["policyId"],
@@ -1757,6 +1769,10 @@
         "description":{
           "shape":"PolicyStoreDescription",
           "documentation":"<p>Descriptive text that you can provide to help with identification of the current policy store.</p>"
+        },
+        "deletionProtection":{
+          "shape":"DeletionProtection",
+          "documentation":"<p>Specifies whether the policy store can be deleted. If enabled, the policy store can't be deleted.</p> <p>The default state is <code>DISABLED</code>.</p>"
         }
       }
     },
@@ -2011,6 +2027,15 @@
       "fault":true,
       "retryable":{"throttling":false}
     },
+    "InvalidStateException":{
+      "type":"structure",
+      "required":["message"],
+      "members":{
+        "message":{"shape":"String"}
+      },
+      "documentation":"<p>The policy store can't be deleted because deletion protection is enabled. To delete this policy store, disable deletion protection.</p>",
+      "exception":true
+    },
     "IpAddr":{
       "type":"string",
       "max":44,
@@ -3395,6 +3420,10 @@
           "shape":"ValidationSettings",
           "documentation":"<p>A structure that defines the validation settings that want to enable for the policy store.</p>"
         },
+        "deletionProtection":{
+          "shape":"DeletionProtection",
+          "documentation":"<p>Specifies whether the policy store can be deleted. If enabled, the policy store can't be deleted.</p> <p>When you call <code>UpdatePolicyStore</code>, this parameter is unchanged unless explicitly included in the call.</p>"
+        },
         "description":{
           "shape":"PolicyStoreDescription",
           "documentation":"<p>Descriptive text that you can provide to help with identification of the current policy store.</p>"

sdk/src/Services/VerifiedPermissions/Generated/Model/CreatePolicyStoreRequest.cs

@@ -50,6 +50,7 @@ namespace Amazon.VerifiedPermissions.Model
     public partial class CreatePolicyStoreRequest : AmazonVerifiedPermissionsRequest
     {
         private string _clientToken;
+        private DeletionProtection _deletionProtection;
         private string _description;
         private ValidationSettings _validationSettings;
 
@@ -93,6 +94,29 @@ internal bool IsSetClientToken()
             return this._clientToken != null;
         }
 
+        /// <summary>
+        /// Gets and sets the property DeletionProtection. 
+        /// <para>
+        /// Specifies whether the policy store can be deleted. If enabled, the policy store can't
+        /// be deleted.
+        /// </para>
+        ///  
+        /// <para>
+        /// The default state is <c>DISABLED</c>.
+        /// </para>
+        /// </summary>
+        public DeletionProtection DeletionProtection
+        {
+            get { return this._deletionProtection; }
+            set { this._deletionProtection = value; }
+        }
+
+        // Check to see if DeletionProtection property is set
+        internal bool IsSetDeletionProtection()
+        {
+            return this._deletionProtection != null;
+        }
+
         /// <summary>
         /// Gets and sets the property Description. 
         /// <para>

sdk/src/Services/VerifiedPermissions/Generated/Model/GetPolicyStoreResponse.cs

@@ -36,6 +36,7 @@ public partial class GetPolicyStoreResponse : AmazonWebServiceResponse
     {
         private string _arn;
         private DateTime? _createdDate;
+        private DeletionProtection _deletionProtection;
         private string _description;
         private DateTime? _lastUpdatedDate;
         private string _policyStoreId;
@@ -79,6 +80,29 @@ internal bool IsSetCreatedDate()
             return this._createdDate.HasValue; 
         }
 
+        /// <summary>
+        /// Gets and sets the property DeletionProtection. 
+        /// <para>
+        /// Specifies whether the policy store can be deleted. If enabled, the policy store can't
+        /// be deleted.
+        /// </para>
+        ///  
+        /// <para>
+        /// The default state is <c>DISABLED</c>.
+        /// </para>
+        /// </summary>
+        public DeletionProtection DeletionProtection
+        {
+            get { return this._deletionProtection; }
+            set { this._deletionProtection = value; }
+        }
+
+        // Check to see if DeletionProtection property is set
+        internal bool IsSetDeletionProtection()
+        {
+            return this._deletionProtection != null;
+        }
+
         /// <summary>
         /// Gets and sets the property Description. 
         /// <para>

sdk/src/Services/VerifiedPermissions/Generated/Model/Internal/MarshallTransformations/CreatePolicyStoreRequestMarshaller.cs

@@ -80,6 +80,12 @@ public IRequest Marshall(CreatePolicyStoreRequest publicRequest)
                     context.Writer.WritePropertyName("clientToken");
                     context.Writer.Write(Guid.NewGuid().ToString());
                 }
+                if(publicRequest.IsSetDeletionProtection())
+                {
+                    context.Writer.WritePropertyName("deletionProtection");
+                    context.Writer.Write(publicRequest.DeletionProtection);
+                }
+
                 if(publicRequest.IsSetDescription())
                 {
                     context.Writer.WritePropertyName("description");

sdk/src/Services/VerifiedPermissions/Generated/Model/Internal/MarshallTransformations/DeletePolicyStoreResponseUnmarshaller.cs

@@ -78,6 +78,10 @@ public override AmazonServiceException UnmarshallException(JsonUnmarshallerConte
                 {
                     return InternalServerExceptionUnmarshaller.Instance.Unmarshall(contextCopy, errorResponse);
                 }
+                if (errorResponse.Code != null && errorResponse.Code.Equals("InvalidStateException"))
+                {
+                    return InvalidStateExceptionUnmarshaller.Instance.Unmarshall(contextCopy, errorResponse);
+                }
                 if (errorResponse.Code != null && errorResponse.Code.Equals("ThrottlingException"))
                 {
                     return ThrottlingExceptionUnmarshaller.Instance.Unmarshall(contextCopy, errorResponse);

sdk/src/Services/VerifiedPermissions/Generated/Model/Internal/MarshallTransformations/GetPolicyStoreResponseUnmarshaller.cs

@@ -64,6 +64,12 @@ public override AmazonWebServiceResponse Unmarshall(JsonUnmarshallerContext cont
                     response.CreatedDate = unmarshaller.Unmarshall(context);
                     continue;
                 }
+                if (context.TestExpression("deletionProtection", targetDepth))
+                {
+                    var unmarshaller = StringUnmarshaller.Instance;
+                    response.DeletionProtection = unmarshaller.Unmarshall(context);
+                    continue;
+                }
                 if (context.TestExpression("description", targetDepth))
                 {
                     var unmarshaller = StringUnmarshaller.Instance;

sdk/src/Services/VerifiedPermissions/Generated/Model/Internal/MarshallTransformations/InvalidStateExceptionUnmarshaller.cs

@@ -0,0 +1,86 @@
+/*
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License").
+ * You may not use this file except in compliance with the License.
+ * A copy of the License is located at
+ * 
+ *  http://aws.amazon.com/apache2.0
+ * 
+ * or in the "license" file accompanying this file. This file is distributed
+ * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ * express or implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+
+/*
+ * Do not modify this file. This file is generated from the verifiedpermissions-2021-12-01.normal.json service model.
+ */
+using System;
+using System.Collections.Generic;
+using System.Globalization;
+using System.IO;
+using System.Net;
+using System.Text;
+using System.Xml.Serialization;
+
+using Amazon.VerifiedPermissions.Model;
+using Amazon.Runtime;
+using Amazon.Runtime.Internal;
+using Amazon.Runtime.Internal.Transform;
+using Amazon.Runtime.Internal.Util;
+using ThirdParty.Json.LitJson;
+
+#pragma warning disable CS0612,CS0618
+namespace Amazon.VerifiedPermissions.Model.Internal.MarshallTransformations
+{
+    /// <summary>
+    /// Response Unmarshaller for InvalidStateException Object
+    /// </summary>  
+    public class InvalidStateExceptionUnmarshaller : IErrorResponseUnmarshaller<InvalidStateException, JsonUnmarshallerContext>
+    {
+        /// <summary>
+        /// Unmarshaller the response from the service to the response class.
+        /// </summary>  
+        /// <param name="context"></param>
+        /// <returns></returns>
+        public InvalidStateException Unmarshall(JsonUnmarshallerContext context)
+        {
+            return this.Unmarshall(context, new Amazon.Runtime.Internal.ErrorResponse());
+        }
+
+        /// <summary>
+        /// Unmarshaller the response from the service to the response class.
+        /// </summary>  
+        /// <param name="context"></param>
+        /// <param name="errorResponse"></param>
+        /// <returns></returns>
+        public InvalidStateException Unmarshall(JsonUnmarshallerContext context, Amazon.Runtime.Internal.ErrorResponse errorResponse)
+        {
+            context.Read();
+
+            InvalidStateException unmarshalledObject = new InvalidStateException(errorResponse.Message, errorResponse.InnerException,
+                errorResponse.Type, errorResponse.Code, errorResponse.RequestId, errorResponse.StatusCode);
+        
+            int targetDepth = context.CurrentDepth;
+            while (context.ReadAtDepth(targetDepth))
+            {
+            }
+          
+            return unmarshalledObject;
+        }
+
+        private static InvalidStateExceptionUnmarshaller _instance = new InvalidStateExceptionUnmarshaller();        
+
+        /// <summary>
+        /// Gets the singleton.
+        /// </summary>  
+        public static InvalidStateExceptionUnmarshaller Instance
+        {
+            get
+            {
+                return _instance;
+            }
+        }
+    }
+}

sdk/src/Services/VerifiedPermissions/Generated/Model/Internal/MarshallTransformations/UpdatePolicyStoreRequestMarshaller.cs

@@ -69,6 +69,12 @@ public IRequest Marshall(UpdatePolicyStoreRequest publicRequest)
                 writer.Validate = false;
                 writer.WriteObjectStart();
                 var context = new JsonMarshallerContext(request, writer);
+                if(publicRequest.IsSetDeletionProtection())
+                {
+                    context.Writer.WritePropertyName("deletionProtection");
+                    context.Writer.Write(publicRequest.DeletionProtection);
+                }
+
                 if(publicRequest.IsSetDescription())
                 {
                     context.Writer.WritePropertyName("description");