feat: add deletion protection for verifiedpermissions_policy_store

.changelog/43452.txt

@@ -0,0 +1,7 @@
+```release-note:enhancement
+data-source/aws_verifiedpermissions_policy_store: Add `deletion_protection` attribute
+```
+
+```release-note:enhancement
+resource/aws_verifiedpermissions_policy_store: Add `deletion_protection` attribute
+```

internal/service/verifiedpermissions/policy_store.go

@@ -13,6 +13,7 @@ import (
 	"github.com/hashicorp/terraform-plugin-framework/resource"
 	"github.com/hashicorp/terraform-plugin-framework/resource/schema"
 	"github.com/hashicorp/terraform-plugin-framework/resource/schema/planmodifier"
+	"github.com/hashicorp/terraform-plugin-framework/resource/schema/stringdefault"
 	"github.com/hashicorp/terraform-plugin-framework/resource/schema/stringplanmodifier"
 	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
 	"github.com/hashicorp/terraform-plugin-framework/types"
@@ -52,6 +53,12 @@ func (r *policyStoreResource) Schema(ctx context.Context, request resource.Schem
 	s := schema.Schema{
 		Attributes: map[string]schema.Attribute{
 			names.AttrARN: framework.ARNAttributeComputedOnly(),
+			names.AttrDeletionProtection: schema.StringAttribute{
+				Optional:   true,
+				Computed:   true,
+				CustomType: fwtypes.StringEnumType[awstypes.DeletionProtection](),
+				Default:    stringdefault.StaticString(string(awstypes.DeletionProtectionDisabled)),
+			},
 			names.AttrDescription: schema.StringAttribute{
 				Optional: true,
 			},
@@ -175,7 +182,7 @@ func (r *policyStoreResource) Update(ctx context.Context, request resource.Updat
 
 	conn := r.Meta().VerifiedPermissionsClient(ctx)
 
-	if !new.Description.Equal(old.Description) || !new.ValidationSettings.Equal(old.ValidationSettings) {
+	if !new.Description.Equal(old.Description) || !new.ValidationSettings.Equal(old.ValidationSettings) || !new.DeletionProtection.Equal(old.DeletionProtection) {
 		var input verifiedpermissions.UpdatePolicyStoreInput
 		response.Diagnostics.Append(fwflex.Expand(ctx, new, &input)...)
 		if response.Diagnostics.HasError() {
@@ -231,6 +238,7 @@ type policyStoreResourceModel struct {
 	framework.WithRegionModel
 	ARN                types.String                                        `tfsdk:"arn"`
 	Description        types.String                                        `tfsdk:"description"`
+	DeletionProtection fwtypes.StringEnum[awstypes.DeletionProtection]     `tfsdk:"deletion_protection"`
 	ID                 types.String                                        `tfsdk:"id"`
 	PolicyStoreID      types.String                                        `tfsdk:"policy_store_id"`
 	Tags               tftags.Map                                          `tfsdk:"tags"`

internal/service/verifiedpermissions/policy_store_data_source.go

@@ -41,6 +41,10 @@ func (d *policyStoreDataSource) Schema(ctx context.Context, request datasource.S
 				CustomType: timetypes.RFC3339Type{},
 				Computed:   true,
 			},
+			names.AttrDeletionProtection: schema.StringAttribute{
+				Computed:   true,
+				CustomType: fwtypes.StringEnumType[awstypes.DeletionProtection](),
+			},
 			names.AttrDescription: schema.StringAttribute{
 				Computed: true,
 			},
@@ -87,6 +91,7 @@ type policyStoreDataSourceModel struct {
 	framework.WithRegionModel
 	ARN                types.String                                             `tfsdk:"arn"`
 	CreatedDate        timetypes.RFC3339                                        `tfsdk:"created_date"`
+	DeletionProtection fwtypes.StringEnum[awstypes.DeletionProtection]          `tfsdk:"deletion_protection"`
 	Description        types.String                                             `tfsdk:"description"`
 	ID                 types.String                                             `tfsdk:"id"`
 	LastUpdatedDate    timetypes.RFC3339                                        `tfsdk:"last_updated_date"`

internal/service/verifiedpermissions/policy_store_data_source_test.go

@@ -38,6 +38,7 @@ func TestAccVerifiedPermissionsPolicyStoreDataSource_basic(t *testing.T) {
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckPolicyStoreExists(ctx, dataSourceName, &policystore),
 					resource.TestCheckResourceAttrPair(resourceName, "validation_settings.0.mode", dataSourceName, "validation_settings.0.mode"),
+					resource.TestCheckResourceAttr(resourceName, names.AttrDeletionProtection, "DISABLED"),
 					resource.TestCheckResourceAttrPair(resourceName, names.AttrDescription, dataSourceName, names.AttrDescription),
 					resource.TestCheckResourceAttrPair(resourceName, names.AttrARN, dataSourceName, names.AttrARN),
 					resource.TestCheckResourceAttrSet(dataSourceName, names.AttrCreatedDate),

internal/service/verifiedpermissions/policy_store_test.go

@@ -45,6 +45,7 @@ func TestAccVerifiedPermissionsPolicyStore_basic(t *testing.T) {
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckPolicyStoreExists(ctx, resourceName, &policystore),
 					resource.TestCheckResourceAttr(resourceName, "validation_settings.0.mode", "OFF"),
+					resource.TestCheckResourceAttr(resourceName, names.AttrDeletionProtection, "DISABLED"),
 					resource.TestCheckResourceAttr(resourceName, names.AttrDescription, "Terraform acceptance test"),
 					resource.TestCheckResourceAttr(resourceName, acctest.CtTagsPercent, "0"),
 					resource.TestCheckResourceAttr(resourceName, acctest.CtTagsAllPercent, "0"),
@@ -95,6 +96,47 @@ func TestAccVerifiedPermissionsPolicyStore_update(t *testing.T) {
 		},
 	})
 }
+func TestAccVerifiedPermissionsPolicyStore_deletionProtection(t *testing.T) {
+	ctx := acctest.Context(t)
+	if testing.Short() {
+		t.Skip("skipping long-running test in short mode")
+	}
+
+	var policystore verifiedpermissions.GetPolicyStoreOutput
+	resourceName := "aws_verifiedpermissions_policy_store.test"
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck: func() {
+			acctest.PreCheck(ctx, t)
+			acctest.PreCheckPartitionHasService(t, names.VerifiedPermissionsEndpointID)
+			testAccPolicyStoresPreCheck(ctx, t)
+		},
+		ErrorCheck:               acctest.ErrorCheck(t, names.VerifiedPermissionsServiceID),
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
+		CheckDestroy:             testAccCheckPolicyStoreDestroy(ctx),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccPolicyStoreConfig_deletion_protection("DISABLED"),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckPolicyStoreExists(ctx, resourceName, &policystore),
+					resource.TestCheckResourceAttr(resourceName, names.AttrDeletionProtection, "DISABLED"),
+				),
+			},
+			{
+				Config: testAccPolicyStoreConfig_deletion_protection("ENABLED"),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr(resourceName, names.AttrDeletionProtection, "ENABLED"),
+				),
+			},
+			{
+				Config: testAccPolicyStoreConfig_deletion_protection("DISABLED"),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr(resourceName, names.AttrDeletionProtection, "DISABLED"),
+				),
+			},
+		},
+	})
+}
 
 func TestAccVerifiedPermissionsPolicyStore_disappears(t *testing.T) {
 	ctx := acctest.Context(t)
@@ -254,6 +296,17 @@ resource "aws_verifiedpermissions_policy_store" "test" {
 }`, mode)
 }
 
+func testAccPolicyStoreConfig_deletion_protection(deletionProtection string) string {
+	return fmt.Sprintf(`
+resource "aws_verifiedpermissions_policy_store" "test" {
+  description         = "Terraform acceptance test"
+  deletion_protection = %[1]q
+  validation_settings {
+    mode = "OFF"
+  }
+}`, deletionProtection)
+}
+
 func testAccPolicyStoreConfig_tags1(mode, tagKey1, tagValue1 string) string {
 	return fmt.Sprintf(`
 resource "aws_verifiedpermissions_policy_store" "test" {

website/docs/d/verifiedpermissions_policy_store.html.markdown

@@ -33,6 +33,7 @@ This data source exports the following attributes in addition to the arguments a
 
 * `arn` - The ARN of the Policy Store.
 * `created_date` - The date the Policy Store was created.
+* `deletion_protection` - Whether the policy store can be deleted.
 * `last_updated_date` - The date the Policy Store was last updated.
 * `tags` - Map of key-value pairs associated with the policy store.
 * `validation_settings` - Validation settings for the policy store.

website/docs/r/verifiedpermissions_policy_store.html.markdown

@@ -32,6 +32,7 @@ The following arguments are required:
 The following arguments are optional:
 
 * `region` - (Optional) Region where this resource will be [managed](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints). Defaults to the Region set in the [provider configuration](https://registry.terraform.io/providers/hashicorp/aws/latest/docs#aws-configuration-reference).
+* `deletion_protection` - (Optional) Specifies whether the policy store can be deleted. If enabled, the policy store can't be deleted. Valid Values: `ENABLED`, `DISABLED`. Default value: `DISABLED`.
 * `description` - (Optional) A description of the Policy Store.
 * `tags` - (Optional) Key-value mapping of resource tags. If configured with a provider [`default_tags` configuration block](/docs/providers/aws/index.html#default_tags-configuration-block) present, tags with matching keys will overwrite those defined at the provider-level.