diff --git a/.changelog/43452.txt b/.changelog/43452.txt
new file mode 100644
index 000000000000..c8548c609fc8
--- /dev/null
+++ b/.changelog/43452.txt
@@ -0,0 +1,7 @@
+```release-note:enhancement
+data-source/aws_verifiedpermissions_policy_store: Add `deletion_protection` attribute
+```
+
+```release-note:enhancement
+resource/aws_verifiedpermissions_policy_store: Add `deletion_protection` attribute
+```
\ No newline at end of file
diff --git a/internal/service/verifiedpermissions/policy_store.go b/internal/service/verifiedpermissions/policy_store.go
index 5e9f0d88a0b8..e7eba64c327e 100644
--- a/internal/service/verifiedpermissions/policy_store.go
+++ b/internal/service/verifiedpermissions/policy_store.go
@@ -13,6 +13,7 @@ import (
 "github.com/hashicorp/terraform-plugin-framework/resource"
 "github.com/hashicorp/terraform-plugin-framework/resource/schema"
 "github.com/hashicorp/terraform-plugin-framework/resource/schema/planmodifier"
+ "github.com/hashicorp/terraform-plugin-framework/resource/schema/stringdefault"
 "github.com/hashicorp/terraform-plugin-framework/resource/schema/stringplanmodifier"
 "github.com/hashicorp/terraform-plugin-framework/schema/validator"
 "github.com/hashicorp/terraform-plugin-framework/types"
@@ -52,6 +53,12 @@ func (r *policyStoreResource) Schema(ctx context.Context, request resource.Schem
 s := schema.Schema{
 Attributes: map[string]schema.Attribute{
 names.AttrARN: framework.ARNAttributeComputedOnly(),
+ names.AttrDeletionProtection: schema.StringAttribute{
+ Optional: true,
+ Computed: true,
+ CustomType: fwtypes.StringEnumType[awstypes.DeletionProtection](),
+ Default: stringdefault.StaticString(string(awstypes.DeletionProtectionDisabled)),
+ },
 names.AttrDescription: schema.StringAttribute{
 Optional: true,
 },
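Review bot: The static default on `names.AttrDeletionProtection` means a configuration that never mentions the attribute plans `DISABLED`, so a policy store whose protection was set to `ENABLED` outside Terraform would presumably be planned back to `DISABLED` on the first apply after upgrading, and the extended Update condition in this commit would then send that change. For a guardrail attribute that is a surprising side effect of a provider upgrade. Consider replacing the `Default:` line with `PlanModifiers: []planmodifier.String{stringplanmodifier.UseStateForUnknown()},` (both packages are already imported in this file), accepting that removing the argument then no longer resets it, or at least call the behaviour out in the changelog entry. The Schema function starts and ends outside the hunk.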
@@ -175,7 +182,7 @@ func (r *policyStoreResource) Update(ctx context.Context, request resource.Updat
 conn := r.Meta().VerifiedPermissionsClient(ctx)
- if !new.Description.Equal(old.Description) || !new.ValidationSettings.Equal(old.ValidationSettings) {
+ if !new.Description.Equal(old.Description) || !new.ValidationSettings.Equal(old.ValidationSettings) || !new.DeletionProtection.Equal(old.DeletionProtection) {
 var input verifiedpermissions.UpdatePolicyStoreInput
 response.Diagnostics.Append(fwflex.Expand(ctx, new, &input)...)
 if response.Diagnostics.HasError() {
@@ -231,6 +238,7 @@ type policyStoreResourceModel struct {
 framework.WithRegionModel
 ARN types.String `tfsdk:"arn"`
 Description types.String `tfsdk:"description"`
+ DeletionProtection fwtypes.StringEnum[awstypes.DeletionProtection] `tfsdk:"deletion_protection"`
 ID types.String `tfsdk:"id"`
 PolicyStoreID types.String `tfsdk:"policy_store_id"`
 Tags tftags.Map `tfsdk:"tags"`
diff --git a/internal/service/verifiedpermissions/policy_store_data_source.go b/internal/service/verifiedpermissions/policy_store_data_source.go
index 3f6d7f8eb971..272ea5e532d0 100644
--- a/internal/service/verifiedpermissions/policy_store_data_source.go
+++ b/internal/service/verifiedpermissions/policy_store_data_source.go
@@ -41,6 +41,10 @@ func (d *policyStoreDataSource) Schema(ctx context.Context, request datasource.S
 CustomType: timetypes.RFC3339Type{},
 Computed: true,
 },
+ names.AttrDeletionProtection: schema.StringAttribute{
+ Computed: true,
+ CustomType: fwtypes.StringEnumType[awstypes.DeletionProtection](),
+ },
 names.AttrDescription: schema.StringAttribute{
 Computed: true,
 },
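Review bot: In `policyStoreResourceModel` the new `DeletionProtection` field is placed after `Description`, while the schema map in this file and `policyStoreDataSourceModel` in the same commit keep their entries in alphabetical order. Moving the line above `Description` keeps the struct consistent with both. Behaviour is unaffected, since the fields are bound by their `tfsdk` tags rather than by position.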
@@ -87,6 +91,7 @@ type policyStoreDataSourceModel struct {
 framework.WithRegionModel
 ARN types.String `tfsdk:"arn"`
 CreatedDate timetypes.RFC3339 `tfsdk:"created_date"`
+ DeletionProtection fwtypes.StringEnum[awstypes.DeletionProtection] `tfsdk:"deletion_protection"`
 Description types.String `tfsdk:"description"`
 ID types.String `tfsdk:"id"`
 LastUpdatedDate timetypes.RFC3339 `tfsdk:"last_updated_date"`
diff --git a/internal/service/verifiedpermissions/policy_store_data_source_test.go b/internal/service/verifiedpermissions/policy_store_data_source_test.go
index 6ed4b4a466fd..c93f54029187 100644
--- a/internal/service/verifiedpermissions/policy_store_data_source_test.go
+++ b/internal/service/verifiedpermissions/policy_store_data_source_test.go
@@ -38,6 +38,7 @@ func TestAccVerifiedPermissionsPolicyStoreDataSource_basic(t *testing.T) {
 Check: resource.ComposeTestCheckFunc(
 testAccCheckPolicyStoreExists(ctx, dataSourceName, &policystore),
 resource.TestCheckResourceAttrPair(resourceName, "validation_settings.0.mode", dataSourceName, "validation_settings.0.mode"),
+ resource.TestCheckResourceAttr(resourceName, names.AttrDeletionProtection, "DISABLED"),
 resource.TestCheckResourceAttrPair(resourceName, names.AttrDescription, dataSourceName, names.AttrDescription),
 resource.TestCheckResourceAttrPair(resourceName, names.AttrARN, dataSourceName, names.AttrARN),
 resource.TestCheckResourceAttrSet(dataSourceName, names.AttrCreatedDate),
diff --git a/internal/service/verifiedpermissions/policy_store_test.go b/internal/service/verifiedpermissions/policy_store_test.go
index d4dc48b363d4..f13bc7f8baa4 100644
--- a/internal/service/verifiedpermissions/policy_store_test.go
+++ b/internal/service/verifiedpermissions/policy_store_test.go
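Review bot: The check added to `TestAccVerifiedPermissionsPolicyStoreDataSource_basic` reads `deletion_protection` from `resourceName`, so the data source's new attribute is never asserted; the neighbouring checks compare the resource against `dataSourceName`. Use `resource.TestCheckResourceAttrPair(resourceName, names.AttrDeletionProtection, dataSourceName, names.AttrDeletionProtection),` instead, so that a data source which fails to populate the attribute is caught. The test function starts and ends outside the hunk.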
@@ -45,6 +45,7 @@ func TestAccVerifiedPermissionsPolicyStore_basic(t *testing.T) {
 Check: resource.ComposeTestCheckFunc(
 testAccCheckPolicyStoreExists(ctx, resourceName, &policystore),
 resource.TestCheckResourceAttr(resourceName, "validation_settings.0.mode", "OFF"),
+ resource.TestCheckResourceAttr(resourceName, names.AttrDeletionProtection, "DISABLED"),
 resource.TestCheckResourceAttr(resourceName, names.AttrDescription, "Terraform acceptance test"),
 resource.TestCheckResourceAttr(resourceName, acctest.CtTagsPercent, "0"),
 resource.TestCheckResourceAttr(resourceName, acctest.CtTagsAllPercent, "0"),
@@ -95,6 +96,47 @@ func TestAccVerifiedPermissionsPolicyStore_update(t *testing.T) {
 },
 })
 }
+func TestAccVerifiedPermissionsPolicyStore_deletionProtection(t *testing.T) {
+ ctx := acctest.Context(t)
+ if testing.Short() {
+ t.Skip("skipping long-running test in short mode")
+ }
+
+ var policystore verifiedpermissions.GetPolicyStoreOutput
+ resourceName := "aws_verifiedpermissions_policy_store.test"
+
+ resource.ParallelTest(t, resource.TestCase{
+ PreCheck: func() {
+ acctest.PreCheck(ctx, t)
+ acctest.PreCheckPartitionHasService(t, names.VerifiedPermissionsEndpointID)
+ testAccPolicyStoresPreCheck(ctx, t)
+ },
+ ErrorCheck: acctest.ErrorCheck(t, names.VerifiedPermissionsServiceID),
+ ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
+ CheckDestroy: testAccCheckPolicyStoreDestroy(ctx),
+ Steps: []resource.TestStep{
+ {
+ Config: testAccPolicyStoreConfig_deletion_protection("DISABLED"),
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckPolicyStoreExists(ctx, resourceName, &policystore),
+ resource.TestCheckResourceAttr(resourceName, names.AttrDeletionProtection, "DISABLED"),
+ ),
+ },
+ {
+ Config: testAccPolicyStoreConfig_deletion_protection("ENABLED"),
+ Check: resource.ComposeTestCheckFunc(
+ resource.TestCheckResourceAttr(resourceName, names.AttrDeletionProtection, "ENABLED"),
+ ),
+ },
+ {
+ Config: testAccPolicyStoreConfig_deletion_protection("DISABLED"),
+ Check: resource.ComposeTestCheckFunc(
+ resource.TestCheckResourceAttr(resourceName, names.AttrDeletionProtection, "DISABLED"),
+ ),
+ },
+ },
+ })
+}
 func TestAccVerifiedPermissionsPolicyStore_disappears(t *testing.T) {
 ctx := acctest.Context(t)
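Review bot: None of the three steps in `TestAccVerifiedPermissionsPolicyStore_deletionProtection` exercises what the attribute is for: the test only toggles the value and ends on `DISABLED`, presumably so that `CheckDestroy` can succeed. Add a step after the `ENABLED` one that reuses that config with `Destroy: true,` and an `ExpectError:` pattern matching the service's rejection, so a regression that lets a protected store be deleted is caught. An `ImportState`/`ImportStateVerify` step would also confirm that the value survives import.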
@@ -254,6 +296,17 @@ resource "aws_verifiedpermissions_policy_store" "test" {
 }`, mode)
 }
+func testAccPolicyStoreConfig_deletion_protection(deletionProtection string) string {
+ return fmt.Sprintf(`
+resource "aws_verifiedpermissions_policy_store" "test" {
+ description = "Terraform acceptance test"
+ deletion_protection = %[1]q
+ validation_settings {
+ mode = "OFF"
+ }
+}`, deletionProtection)
+}
+
 func testAccPolicyStoreConfig_tags1(mode, tagKey1, tagValue1 string) string {
 return fmt.Sprintf(`
 resource "aws_verifiedpermissions_policy_store" "test" {
diff --git a/website/docs/d/verifiedpermissions_policy_store.html.markdown b/website/docs/d/verifiedpermissions_policy_store.html.markdown
index 969fd41898c4..54e916770bb1 100644
--- a/website/docs/d/verifiedpermissions_policy_store.html.markdown
+++ b/website/docs/d/verifiedpermissions_policy_store.html.markdown
@@ -33,6 +33,7 @@ This data source exports the following attributes in addition to the arguments a
 * `arn` - The ARN of the Policy Store.
 * `created_date` - The date the Policy Store was created.
+* `deletion_protection` - Whether the policy store can be deleted.
 * `last_updated_date` - The date the Policy Store was last updated.
 * `tags` - Map of key-value pairs associated with the policy store.
 * `validation_settings` - Validation settings for the policy store.
diff --git a/website/docs/r/verifiedpermissions_policy_store.html.markdown b/website/docs/r/verifiedpermissions_policy_store.html.markdown
index 93268d8dba6d..ac60a82dd4de 100644
--- a/website/docs/r/verifiedpermissions_policy_store.html.markdown
+++ b/website/docs/r/verifiedpermissions_policy_store.html.markdown
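Review bot: `testAccPolicyStoreConfig_deletion_protection` in policy_store_test.go puts snake_case into a Go identifier, whereas the test that calls it is named `..._deletionProtection` and Go names use MixedCaps. Rename it to `testAccPolicyStoreConfig_deletionProtection` and update the three call sites in `TestAccVerifiedPermissionsPolicyStore_deletionProtection`.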
@@ -32,6 +32,7 @@ The following arguments are required:
 The following arguments are optional:
 * `region` - (Optional) Region where this resource will be [managed](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints). Defaults to the Region set in the [provider configuration](https://registry.terraform.io/providers/hashicorp/aws/latest/docs#aws-configuration-reference).
+* `deletion_protection` - (Optional) Specifies whether the policy store can be deleted. If enabled, the policy store can't be deleted. Valid Values: `ENABLED`, `DISABLED`. Default value: `DISABLED`.
 * `description` - (Optional) A description of the Policy Store.
 * `tags` - (Optional) Key-value mapping of resource tags. If configured with a provider [`default_tags` configuration block](/docs/providers/aws/index.html#default_tags-configuration-block) present, tags with matching keys will overwrite those defined at the provider-level.