aws-sdk-verifiedpermissions 1.42.0 → 1.44.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d2f3a4c766f1de851c078550073199d66298029322121236b34d43d3f8c9e960
-  data.tar.gz: '0397d99bdf70ef81abebd1f18aec7c2131b10bbcae8f0e23a5d5484a16f382a3'
+  metadata.gz: e12ecb6bc46cd467561306d4e8368777241e6e5f74e8e0a5b6142f75b112037e
+  data.tar.gz: 47b79b6027a1bf5d8e6ac20728882cfde661fc4e29d5c8768e709a68793ee833
 SHA512:
-  metadata.gz: a8c5811ef85bcfade36e0b01c184be98b65b7c82d7d71d6a3420898a7910baa378108b76c7655bdf07b05711f1efb732656402b970bc8d839fdab8007f2478fb
-  data.tar.gz: 8561a39276f829dde7a6c89d9136f6b7567e52720e3a4e7408754af387adc7a489b6069d026787a575a538557ba317d6df8b78b840b83eb89e558303d34b7d35
+  metadata.gz: 92d777128b39c78129c23d594617d1ed6de5df6931de8386b46580bfdf3c9aa6ce103f7c08071b0ea6bfd878e4e08fb0fb4dafa8a48352263a18f6e985d2f336
+  data.tar.gz: e138ebe4efbb54bfe92e7d74a48e7a8d4eb8d7b89683d81e06794c3a0a7ef84ab27fa9ee4e5298293715b0b84e4701dd66d6a4d5462e706f9c8094cccfb85224

data/CHANGELOG.md

@@ -1,6 +1,16 @@
 Unreleased Changes
 ------------------
 
+1.44.0 (2025-05-01)
+------------------
+
+* Feature - Amazon Verified Permissions / Features : Adds support for tagging policy stores.
+
+1.43.0 (2025-04-11)
+------------------
+
+* Feature - Adds deletion protection support to policy stores. Deletion protection is disabled by default, can be enabled via the CreatePolicyStore or UpdatePolicyStore APIs, and is visible in GetPolicyStore.
+
 1.42.0 (2025-02-18)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.42.0
+1.44.0

data/lib/aws-sdk-verifiedpermissions/client.rb

@@ -636,9 +636,11 @@ module Aws::VerifiedPermissions
     #   will be used to make the authorization decisions for the input.
     #
     # @option params [Types::EntitiesDefinition] :entities
-    #   Specifies the list of resources and principals and their associated
-    #   attributes that Verified Permissions can examine when evaluating the
-    #   policies.
+    #   (Optional) Specifies the list of resources and principals and their
+    #   associated attributes that Verified Permissions can examine when
+    #   evaluating the policies. These additional entities and their
+    #   attributes can be referenced and checked by conditional elements in
+    #   the policies in the specified policy store.
     #
     #   <note markdown="1"> You can include only principal and resource entities in this
     #   parameter; you can't include actions. You must specify actions in the
@@ -947,8 +949,11 @@ module Aws::VerifiedPermissions
     #   `token_use` claim in the submitted token isn't `access`.
     #
     # @option params [Types::EntitiesDefinition] :entities
-    #   Specifies the list of resources and their associated attributes that
-    #   Verified Permissions can examine when evaluating the policies.
+    #   (Optional) Specifies the list of resources and their associated
+    #   attributes that Verified Permissions can examine when evaluating the
+    #   policies. These additional entities and their attributes can be
+    #   referenced and checked by conditional elements in the policies in the
+    #   specified policy store.
     #
     #   You can't include principals in this parameter, only resource and
     #   action entities. This parameter can't include any entities of a type
@@ -1649,6 +1654,15 @@ module Aws::VerifiedPermissions
     #   Descriptive text that you can provide to help with identification of
     #   the current policy store.
     #
+    # @option params [String] :deletion_protection
+    #   Specifies whether the policy store can be deleted. If enabled, the
+    #   policy store can't be deleted.
+    #
+    #   The default state is `DISABLED`.
+    #
+    # @option params [Hash<String,String>] :tags
+    #   The list of key-value pairs to associate with the policy store.
+    #
     # @return [Types::CreatePolicyStoreOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::CreatePolicyStoreOutput#policy_store_id #policy_store_id} => String
@@ -1684,6 +1698,10 @@ module Aws::VerifiedPermissions
     #       mode: "OFF", # required, accepts OFF, STRICT
     #     },
     #     description: "PolicyStoreDescription",
+    #     deletion_protection: "ENABLED", # accepts ENABLED, DISABLED
+    #     tags: {
+    #       "TagKey" => "TagValue",
+    #     },
     #   })
     #
     # @example Response structure
@@ -2174,6 +2192,17 @@ module Aws::VerifiedPermissions
     # @option params [required, String] :policy_store_id
     #   Specifies the ID of the policy store that you want information about.
     #
+    # @option params [Boolean] :tags
+    #   Specifies whether to return the tags that are attached to the policy
+    #   store. If this parameter is included in the API call, the tags are
+    #   returned, otherwise they are not returned.
+    #
+    #   <note markdown="1"> If this parameter is included in the API call but there are no tags
+    #   attached to the policy store, the `tags` response parameter is omitted
+    #   from the response.
+    #
+    #    </note>
+    #
     # @return [Types::GetPolicyStoreOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::GetPolicyStoreOutput#policy_store_id #policy_store_id} => String
@@ -2182,6 +2211,9 @@ module Aws::VerifiedPermissions
     #   * {Types::GetPolicyStoreOutput#created_date #created_date} => Time
     #   * {Types::GetPolicyStoreOutput#last_updated_date #last_updated_date} => Time
     #   * {Types::GetPolicyStoreOutput#description #description} => String
+    #   * {Types::GetPolicyStoreOutput#deletion_protection #deletion_protection} => String
+    #   * {Types::GetPolicyStoreOutput#cedar_version #cedar_version} => String
+    #   * {Types::GetPolicyStoreOutput#tags #tags} => Hash&lt;String,String&gt;
     #
     #
     # @example Example: GetPolicyStore
@@ -2207,6 +2239,7 @@ module Aws::VerifiedPermissions
     #
     #   resp = client.get_policy_store({
     #     policy_store_id: "PolicyStoreId", # required
+    #     tags: false,
     #   })
     #
     # @example Response structure
@@ -2217,6 +2250,10 @@ module Aws::VerifiedPermissions
     #   resp.created_date #=> Time
     #   resp.last_updated_date #=> Time
     #   resp.description #=> String
+    #   resp.deletion_protection #=> String, one of "ENABLED", "DISABLED"
+    #   resp.cedar_version #=> String, one of "CEDAR_2", "CEDAR_4"
+    #   resp.tags #=> Hash
+    #   resp.tags["TagKey"] #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/GetPolicyStore AWS API Documentation
     #
@@ -2382,9 +2419,11 @@ module Aws::VerifiedPermissions
     #   authorization decisions.
     #
     # @option params [Types::EntitiesDefinition] :entities
-    #   Specifies the list of resources and principals and their associated
-    #   attributes that Verified Permissions can examine when evaluating the
-    #   policies.
+    #   (Optional) Specifies the list of resources and principals and their
+    #   associated attributes that Verified Permissions can examine when
+    #   evaluating the policies. These additional entities and their
+    #   attributes can be referenced and checked by conditional elements in
+    #   the policies in the specified policy store.
     #
     #   <note markdown="1"> You can include only principal and resource entities in this
     #   parameter; you can't include actions. You must specify actions in the
@@ -2582,8 +2621,11 @@ module Aws::VerifiedPermissions
     #   authorization decisions.
     #
     # @option params [Types::EntitiesDefinition] :entities
-    #   Specifies the list of resources and their associated attributes that
-    #   Verified Permissions can examine when evaluating the policies.
+    #   (Optional) Specifies the list of resources and their associated
+    #   attributes that Verified Permissions can examine when evaluating the
+    #   policies. These additional entities and their attributes can be
+    #   referenced and checked by conditional elements in the policies in the
+    #   specified policy store.
     #
     #   You can't include principals in this parameter, only resource and
     #   action entities. This parameter can't include any entities of a type
@@ -3251,6 +3293,54 @@ module Aws::VerifiedPermissions
       req.send_request(options)
     end
 
+    # Returns the tags associated with the specified Amazon Verified
+    # Permissions resource. In Verified Permissions, policy stores can be
+    # tagged.
+    #
+    # @option params [required, String] :resource_arn
+    #   The ARN of the resource for which you want to view tags.
+    #
+    # @return [Types::ListTagsForResourceOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ListTagsForResourceOutput#tags #tags} => Hash&lt;String,String&gt;
+    #
+    #
+    # @example Example: ListTagsForResource
+    #
+    #   # The following example lists all the tags for the resource named in the API call.
+    #
+    #   resp = client.list_tags_for_resource({
+    #     resource_arn: "C7v5xMplfFH3i3e4Jrzb1a", 
+    #   })
+    #
+    #   resp.to_h outputs the following:
+    #   {
+    #     tags: {
+    #       "key1" => "value1", 
+    #       "key2" => "value2", 
+    #     }, 
+    #   }
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.list_tags_for_resource({
+    #     resource_arn: "AmazonResourceName", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.tags #=> Hash
+    #   resp.tags["TagKey"] #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/ListTagsForResource AWS API Documentation
+    #
+    # @overload list_tags_for_resource(params = {})
+    # @param [Hash] params ({})
+    def list_tags_for_resource(params = {}, options = {})
+      req = build_request(:list_tags_for_resource, params)
+      req.send_request(options)
+    end
+
     # Creates or updates the policy schema in the specified policy store.
     # The schema is used to validate any Cedar policies and policy templates
     # submitted to the policy store. Any changes to the schema validate only
@@ -3336,6 +3426,112 @@ module Aws::VerifiedPermissions
       req.send_request(options)
     end
 
+    # Assigns one or more tags (key-value pairs) to the specified Amazon
+    # Verified Permissions resource. Tags can help you organize and
+    # categorize your resources. You can also use them to scope user
+    # permissions by granting a user permission to access or change only
+    # resources with certain tag values. In Verified Permissions, policy
+    # stores can be tagged.
+    #
+    # Tags don't have any semantic meaning to Amazon Web Services and are
+    # interpreted strictly as strings of characters.
+    #
+    # You can use the TagResource action with a resource that already has
+    # tags. If you specify a new tag key, this tag is appended to the list
+    # of tags associated with the resource. If you specify a tag key that is
+    # already associated with the resource, the new tag value that you
+    # specify replaces the previous value for that tag.
+    #
+    # You can associate as many as 50 tags with a resource.
+    #
+    # @option params [required, String] :resource_arn
+    #   The ARN of the resource that you're adding tags to.
+    #
+    # @option params [required, Hash<String,String>] :tags
+    #   The list of key-value pairs to associate with the resource.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    #
+    # @example Example: TagResource
+    #
+    #   # The following example tags the resource.
+    #
+    #   resp = client.tag_resource({
+    #     resource_arn: "C7v5xMplfFH3i3e4Jrzb1a", 
+    #     tags: {
+    #       "key1" => "value1", 
+    #       "key2" => "value2", 
+    #     }, 
+    #   })
+    #
+    #   resp.to_h outputs the following:
+    #   {
+    #   }
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.tag_resource({
+    #     resource_arn: "AmazonResourceName", # required
+    #     tags: { # required
+    #       "TagKey" => "TagValue",
+    #     },
+    #   })
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/TagResource AWS API Documentation
+    #
+    # @overload tag_resource(params = {})
+    # @param [Hash] params ({})
+    def tag_resource(params = {}, options = {})
+      req = build_request(:tag_resource, params)
+      req.send_request(options)
+    end
+
+    # Removes one or more tags from the specified Amazon Verified
+    # Permissions resource. In Verified Permissions, policy stores can be
+    # tagged.
+    #
+    # @option params [required, String] :resource_arn
+    #   The ARN of the resource from which you are removing tags.
+    #
+    # @option params [required, Array<String>] :tag_keys
+    #   The list of tag keys to remove from the resource.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    #
+    # @example Example: UntagResource
+    #
+    #   # The following example removes the listed tags from the resource.
+    #
+    #   resp = client.untag_resource({
+    #     resource_arn: "C7v5xMplfFH3i3e4Jrzb1a", 
+    #     tag_keys: [
+    #       "key1", 
+    #       "key2", 
+    #     ], 
+    #   })
+    #
+    #   resp.to_h outputs the following:
+    #   {
+    #   }
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.untag_resource({
+    #     resource_arn: "AmazonResourceName", # required
+    #     tag_keys: ["TagKey"], # required
+    #   })
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/UntagResource AWS API Documentation
+    #
+    # @overload untag_resource(params = {})
+    # @param [Hash] params ({})
+    def untag_resource(params = {}, options = {})
+      req = build_request(:untag_resource, params)
+      req.send_request(options)
+    end
+
     # Updates the specified identity source to use a new identity provider
     # (IdP), or to change the mapping of identities from the IdP to a
     # different principal entity type.
@@ -3621,6 +3817,13 @@ module Aws::VerifiedPermissions
     #   A structure that defines the validation settings that want to enable
     #   for the policy store.
     #
+    # @option params [String] :deletion_protection
+    #   Specifies whether the policy store can be deleted. If enabled, the
+    #   policy store can't be deleted.
+    #
+    #   When you call `UpdatePolicyStore`, this parameter is unchanged unless
+    #   explicitly included in the call.
+    #
     # @option params [String] :description
     #   Descriptive text that you can provide to help with identification of
     #   the current policy store.
@@ -3659,6 +3862,7 @@ module Aws::VerifiedPermissions
     #     validation_settings: { # required
     #       mode: "OFF", # required, accepts OFF, STRICT
     #     },
+    #     deletion_protection: "ENABLED", # accepts ENABLED, DISABLED
     #     description: "PolicyStoreDescription",
     #   })
     #
@@ -3804,7 +4008,7 @@ module Aws::VerifiedPermissions
         tracer: tracer
       )
       context[:gem_name] = 'aws-sdk-verifiedpermissions'
-      context[:gem_version] = '1.42.0'
+      context[:gem_version] = '1.44.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-verifiedpermissions/client_api.rb

@@ -19,6 +19,7 @@ module Aws::VerifiedPermissions
     ActionIdentifier = Shapes::StructureShape.new(name: 'ActionIdentifier')
     ActionIdentifierList = Shapes::ListShape.new(name: 'ActionIdentifierList')
     ActionType = Shapes::StringShape.new(name: 'ActionType')
+    AmazonResourceName = Shapes::StringShape.new(name: 'AmazonResourceName')
     AttributeValue = Shapes::UnionShape.new(name: 'AttributeValue')
     Audience = Shapes::StringShape.new(name: 'Audience')
     Audiences = Shapes::ListShape.new(name: 'Audiences')
@@ -46,6 +47,7 @@ module Aws::VerifiedPermissions
     Boolean = Shapes::BooleanShape.new(name: 'Boolean')
     BooleanAttribute = Shapes::BooleanShape.new(name: 'BooleanAttribute')
     CedarJson = Shapes::StringShape.new(name: 'CedarJson')
+    CedarVersion = Shapes::StringShape.new(name: 'CedarVersion')
     Claim = Shapes::StringShape.new(name: 'Claim')
     ClientId = Shapes::StringShape.new(name: 'ClientId')
     ClientIds = Shapes::ListShape.new(name: 'ClientIds')
@@ -79,6 +81,7 @@ module Aws::VerifiedPermissions
     DeletePolicyStoreOutput = Shapes::StructureShape.new(name: 'DeletePolicyStoreOutput')
     DeletePolicyTemplateInput = Shapes::StructureShape.new(name: 'DeletePolicyTemplateInput')
     DeletePolicyTemplateOutput = Shapes::StructureShape.new(name: 'DeletePolicyTemplateOutput')
+    DeletionProtection = Shapes::StringShape.new(name: 'DeletionProtection')
     DeterminingPolicyItem = Shapes::StructureShape.new(name: 'DeterminingPolicyItem')
     DeterminingPolicyList = Shapes::ListShape.new(name: 'DeterminingPolicyList')
     DiscoveryUrl = Shapes::StringShape.new(name: 'DiscoveryUrl')
@@ -113,6 +116,7 @@ module Aws::VerifiedPermissions
     IdentitySourceItemDetails = Shapes::StructureShape.new(name: 'IdentitySourceItemDetails')
     IdentitySources = Shapes::ListShape.new(name: 'IdentitySources')
     InternalServerException = Shapes::StructureShape.new(name: 'InternalServerException')
+    InvalidStateException = Shapes::StructureShape.new(name: 'InvalidStateException')
     IpAddr = Shapes::StringShape.new(name: 'IpAddr')
     IsAuthorizedInput = Shapes::StructureShape.new(name: 'IsAuthorizedInput')
     IsAuthorizedOutput = Shapes::StructureShape.new(name: 'IsAuthorizedOutput')
@@ -128,6 +132,8 @@ module Aws::VerifiedPermissions
     ListPolicyStoresOutput = Shapes::StructureShape.new(name: 'ListPolicyStoresOutput')
     ListPolicyTemplatesInput = Shapes::StructureShape.new(name: 'ListPolicyTemplatesInput')
     ListPolicyTemplatesOutput = Shapes::StructureShape.new(name: 'ListPolicyTemplatesOutput')
+    ListTagsForResourceInput = Shapes::StructureShape.new(name: 'ListTagsForResourceInput')
+    ListTagsForResourceOutput = Shapes::StructureShape.new(name: 'ListTagsForResourceOutput')
     LongAttribute = Shapes::IntegerShape.new(name: 'LongAttribute')
     MaxResults = Shapes::IntegerShape.new(name: 'MaxResults')
     Namespace = Shapes::StringShape.new(name: 'Namespace')
@@ -187,12 +193,21 @@ module Aws::VerifiedPermissions
     StaticPolicyDescription = Shapes::StringShape.new(name: 'StaticPolicyDescription')
     String = Shapes::StringShape.new(name: 'String')
     StringAttribute = Shapes::StringShape.new(name: 'StringAttribute')
+    TagKey = Shapes::StringShape.new(name: 'TagKey')
+    TagKeyList = Shapes::ListShape.new(name: 'TagKeyList')
+    TagMap = Shapes::MapShape.new(name: 'TagMap')
+    TagResourceInput = Shapes::StructureShape.new(name: 'TagResourceInput')
+    TagResourceOutput = Shapes::StructureShape.new(name: 'TagResourceOutput')
+    TagValue = Shapes::StringShape.new(name: 'TagValue')
     TemplateLinkedPolicyDefinition = Shapes::StructureShape.new(name: 'TemplateLinkedPolicyDefinition')
     TemplateLinkedPolicyDefinitionDetail = Shapes::StructureShape.new(name: 'TemplateLinkedPolicyDefinitionDetail')
     TemplateLinkedPolicyDefinitionItem = Shapes::StructureShape.new(name: 'TemplateLinkedPolicyDefinitionItem')
     ThrottlingException = Shapes::StructureShape.new(name: 'ThrottlingException')
     TimestampFormat = Shapes::TimestampShape.new(name: 'TimestampFormat', timestampFormat: "iso8601")
     Token = Shapes::StringShape.new(name: 'Token')
+    TooManyTagsException = Shapes::StructureShape.new(name: 'TooManyTagsException')
+    UntagResourceInput = Shapes::StructureShape.new(name: 'UntagResourceInput')
+    UntagResourceOutput = Shapes::StructureShape.new(name: 'UntagResourceOutput')
     UpdateCognitoGroupConfiguration = Shapes::StructureShape.new(name: 'UpdateCognitoGroupConfiguration')
     UpdateCognitoUserPoolConfiguration = Shapes::StructureShape.new(name: 'UpdateCognitoUserPoolConfiguration')
     UpdateConfiguration = Shapes::UnionShape.new(name: 'UpdateConfiguration')
@@ -397,7 +412,7 @@ module Aws::VerifiedPermissions
     ContextMap.key = Shapes::ShapeRef.new(shape: String)
     ContextMap.value = Shapes::ShapeRef.new(shape: AttributeValue)
 
-    CreateIdentitySourceInput.add_member(:client_token, Shapes::ShapeRef.new(shape: IdempotencyToken, location_name: "clientToken", metadata: {"idempotencyToken"=>true}))
+    CreateIdentitySourceInput.add_member(:client_token, Shapes::ShapeRef.new(shape: IdempotencyToken, location_name: "clientToken", metadata: {"idempotencyToken" => true}))
     CreateIdentitySourceInput.add_member(:policy_store_id, Shapes::ShapeRef.new(shape: PolicyStoreId, required: true, location_name: "policyStoreId"))
     CreateIdentitySourceInput.add_member(:configuration, Shapes::ShapeRef.new(shape: Configuration, required: true, location_name: "configuration"))
     CreateIdentitySourceInput.add_member(:principal_entity_type, Shapes::ShapeRef.new(shape: PrincipalEntityType, location_name: "principalEntityType"))
@@ -409,7 +424,7 @@ module Aws::VerifiedPermissions
     CreateIdentitySourceOutput.add_member(:policy_store_id, Shapes::ShapeRef.new(shape: PolicyStoreId, required: true, location_name: "policyStoreId"))
     CreateIdentitySourceOutput.struct_class = Types::CreateIdentitySourceOutput
 
-    CreatePolicyInput.add_member(:client_token, Shapes::ShapeRef.new(shape: IdempotencyToken, location_name: "clientToken", metadata: {"idempotencyToken"=>true}))
+    CreatePolicyInput.add_member(:client_token, Shapes::ShapeRef.new(shape: IdempotencyToken, location_name: "clientToken", metadata: {"idempotencyToken" => true}))
     CreatePolicyInput.add_member(:policy_store_id, Shapes::ShapeRef.new(shape: PolicyStoreId, required: true, location_name: "policyStoreId"))
     CreatePolicyInput.add_member(:definition, Shapes::ShapeRef.new(shape: PolicyDefinition, required: true, location_name: "definition"))
     CreatePolicyInput.struct_class = Types::CreatePolicyInput
@@ -425,9 +440,11 @@ module Aws::VerifiedPermissions
     CreatePolicyOutput.add_member(:effect, Shapes::ShapeRef.new(shape: PolicyEffect, location_name: "effect"))
     CreatePolicyOutput.struct_class = Types::CreatePolicyOutput
 
-    CreatePolicyStoreInput.add_member(:client_token, Shapes::ShapeRef.new(shape: IdempotencyToken, location_name: "clientToken", metadata: {"idempotencyToken"=>true}))
+    CreatePolicyStoreInput.add_member(:client_token, Shapes::ShapeRef.new(shape: IdempotencyToken, location_name: "clientToken", metadata: {"idempotencyToken" => true}))
     CreatePolicyStoreInput.add_member(:validation_settings, Shapes::ShapeRef.new(shape: ValidationSettings, required: true, location_name: "validationSettings"))
     CreatePolicyStoreInput.add_member(:description, Shapes::ShapeRef.new(shape: PolicyStoreDescription, location_name: "description"))
+    CreatePolicyStoreInput.add_member(:deletion_protection, Shapes::ShapeRef.new(shape: DeletionProtection, location_name: "deletionProtection"))
+    CreatePolicyStoreInput.add_member(:tags, Shapes::ShapeRef.new(shape: TagMap, location_name: "tags"))
     CreatePolicyStoreInput.struct_class = Types::CreatePolicyStoreInput
 
     CreatePolicyStoreOutput.add_member(:policy_store_id, Shapes::ShapeRef.new(shape: PolicyStoreId, required: true, location_name: "policyStoreId"))
@@ -436,7 +453,7 @@ module Aws::VerifiedPermissions
     CreatePolicyStoreOutput.add_member(:last_updated_date, Shapes::ShapeRef.new(shape: TimestampFormat, required: true, location_name: "lastUpdatedDate"))
     CreatePolicyStoreOutput.struct_class = Types::CreatePolicyStoreOutput
 
-    CreatePolicyTemplateInput.add_member(:client_token, Shapes::ShapeRef.new(shape: IdempotencyToken, location_name: "clientToken", metadata: {"idempotencyToken"=>true}))
+    CreatePolicyTemplateInput.add_member(:client_token, Shapes::ShapeRef.new(shape: IdempotencyToken, location_name: "clientToken", metadata: {"idempotencyToken" => true}))
     CreatePolicyTemplateInput.add_member(:policy_store_id, Shapes::ShapeRef.new(shape: PolicyStoreId, required: true, location_name: "policyStoreId"))
     CreatePolicyTemplateInput.add_member(:description, Shapes::ShapeRef.new(shape: PolicyTemplateDescription, location_name: "description"))
     CreatePolicyTemplateInput.add_member(:statement, Shapes::ShapeRef.new(shape: PolicyStatement, required: true, location_name: "statement"))
@@ -516,7 +533,7 @@ module Aws::VerifiedPermissions
     GetIdentitySourceInput.struct_class = Types::GetIdentitySourceInput
 
     GetIdentitySourceOutput.add_member(:created_date, Shapes::ShapeRef.new(shape: TimestampFormat, required: true, location_name: "createdDate"))
-    GetIdentitySourceOutput.add_member(:details, Shapes::ShapeRef.new(shape: IdentitySourceDetails, deprecated: true, location_name: "details", metadata: {"deprecatedMessage"=>"This attribute has been replaced by configuration.cognitoUserPoolConfiguration"}))
+    GetIdentitySourceOutput.add_member(:details, Shapes::ShapeRef.new(shape: IdentitySourceDetails, deprecated: true, location_name: "details", metadata: {"deprecatedMessage" => "This attribute has been replaced by configuration.cognitoUserPoolConfiguration"}))
     GetIdentitySourceOutput.add_member(:identity_source_id, Shapes::ShapeRef.new(shape: IdentitySourceId, required: true, location_name: "identitySourceId"))
     GetIdentitySourceOutput.add_member(:last_updated_date, Shapes::ShapeRef.new(shape: TimestampFormat, required: true, location_name: "lastUpdatedDate"))
     GetIdentitySourceOutput.add_member(:policy_store_id, Shapes::ShapeRef.new(shape: PolicyStoreId, required: true, location_name: "policyStoreId"))
@@ -541,6 +558,7 @@ module Aws::VerifiedPermissions
     GetPolicyOutput.struct_class = Types::GetPolicyOutput
 
     GetPolicyStoreInput.add_member(:policy_store_id, Shapes::ShapeRef.new(shape: PolicyStoreId, required: true, location_name: "policyStoreId"))
+    GetPolicyStoreInput.add_member(:tags, Shapes::ShapeRef.new(shape: Boolean, location_name: "tags"))
     GetPolicyStoreInput.struct_class = Types::GetPolicyStoreInput
 
     GetPolicyStoreOutput.add_member(:policy_store_id, Shapes::ShapeRef.new(shape: PolicyStoreId, required: true, location_name: "policyStoreId"))
@@ -549,6 +567,9 @@ module Aws::VerifiedPermissions
     GetPolicyStoreOutput.add_member(:created_date, Shapes::ShapeRef.new(shape: TimestampFormat, required: true, location_name: "createdDate"))
     GetPolicyStoreOutput.add_member(:last_updated_date, Shapes::ShapeRef.new(shape: TimestampFormat, required: true, location_name: "lastUpdatedDate"))
     GetPolicyStoreOutput.add_member(:description, Shapes::ShapeRef.new(shape: PolicyStoreDescription, location_name: "description"))
+    GetPolicyStoreOutput.add_member(:deletion_protection, Shapes::ShapeRef.new(shape: DeletionProtection, location_name: "deletionProtection"))
+    GetPolicyStoreOutput.add_member(:cedar_version, Shapes::ShapeRef.new(shape: CedarVersion, location_name: "cedarVersion"))
+    GetPolicyStoreOutput.add_member(:tags, Shapes::ShapeRef.new(shape: TagMap, location_name: "tags"))
     GetPolicyStoreOutput.struct_class = Types::GetPolicyStoreOutput
 
     GetPolicyTemplateInput.add_member(:policy_store_id, Shapes::ShapeRef.new(shape: PolicyStoreId, required: true, location_name: "policyStoreId"))
@@ -573,10 +594,10 @@ module Aws::VerifiedPermissions
     GetSchemaOutput.add_member(:namespaces, Shapes::ShapeRef.new(shape: NamespaceList, location_name: "namespaces"))
     GetSchemaOutput.struct_class = Types::GetSchemaOutput
 
-    IdentitySourceDetails.add_member(:client_ids, Shapes::ShapeRef.new(shape: ClientIds, deprecated: true, location_name: "clientIds", metadata: {"deprecatedMessage"=>"This attribute has been replaced by configuration.cognitoUserPoolConfiguration.clientIds"}))
-    IdentitySourceDetails.add_member(:user_pool_arn, Shapes::ShapeRef.new(shape: UserPoolArn, deprecated: true, location_name: "userPoolArn", metadata: {"deprecatedMessage"=>"This attribute has been replaced by configuration.cognitoUserPoolConfiguration.userPoolArn"}))
-    IdentitySourceDetails.add_member(:discovery_url, Shapes::ShapeRef.new(shape: DiscoveryUrl, deprecated: true, location_name: "discoveryUrl", metadata: {"deprecatedMessage"=>"This attribute has been replaced by configuration.cognitoUserPoolConfiguration.issuer"}))
-    IdentitySourceDetails.add_member(:open_id_issuer, Shapes::ShapeRef.new(shape: OpenIdIssuer, deprecated: true, location_name: "openIdIssuer", metadata: {"deprecatedMessage"=>"This attribute has been replaced by configuration"}))
+    IdentitySourceDetails.add_member(:client_ids, Shapes::ShapeRef.new(shape: ClientIds, deprecated: true, location_name: "clientIds", metadata: {"deprecatedMessage" => "This attribute has been replaced by configuration.cognitoUserPoolConfiguration.clientIds"}))
+    IdentitySourceDetails.add_member(:user_pool_arn, Shapes::ShapeRef.new(shape: UserPoolArn, deprecated: true, location_name: "userPoolArn", metadata: {"deprecatedMessage" => "This attribute has been replaced by configuration.cognitoUserPoolConfiguration.userPoolArn"}))
+    IdentitySourceDetails.add_member(:discovery_url, Shapes::ShapeRef.new(shape: DiscoveryUrl, deprecated: true, location_name: "discoveryUrl", metadata: {"deprecatedMessage" => "This attribute has been replaced by configuration.cognitoUserPoolConfiguration.issuer"}))
+    IdentitySourceDetails.add_member(:open_id_issuer, Shapes::ShapeRef.new(shape: OpenIdIssuer, deprecated: true, location_name: "openIdIssuer", metadata: {"deprecatedMessage" => "This attribute has been replaced by configuration"}))
     IdentitySourceDetails.struct_class = Types::IdentitySourceDetails
 
     IdentitySourceFilter.add_member(:principal_entity_type, Shapes::ShapeRef.new(shape: PrincipalEntityType, location_name: "principalEntityType"))
@@ -585,7 +606,7 @@ module Aws::VerifiedPermissions
     IdentitySourceFilters.member = Shapes::ShapeRef.new(shape: IdentitySourceFilter)
 
     IdentitySourceItem.add_member(:created_date, Shapes::ShapeRef.new(shape: TimestampFormat, required: true, location_name: "createdDate"))
-    IdentitySourceItem.add_member(:details, Shapes::ShapeRef.new(shape: IdentitySourceItemDetails, deprecated: true, location_name: "details", metadata: {"deprecatedMessage"=>"This attribute has been replaced by configuration.cognitoUserPoolConfiguration"}))
+    IdentitySourceItem.add_member(:details, Shapes::ShapeRef.new(shape: IdentitySourceItemDetails, deprecated: true, location_name: "details", metadata: {"deprecatedMessage" => "This attribute has been replaced by configuration.cognitoUserPoolConfiguration"}))
     IdentitySourceItem.add_member(:identity_source_id, Shapes::ShapeRef.new(shape: IdentitySourceId, required: true, location_name: "identitySourceId"))
     IdentitySourceItem.add_member(:last_updated_date, Shapes::ShapeRef.new(shape: TimestampFormat, required: true, location_name: "lastUpdatedDate"))
     IdentitySourceItem.add_member(:policy_store_id, Shapes::ShapeRef.new(shape: PolicyStoreId, required: true, location_name: "policyStoreId"))
@@ -593,10 +614,10 @@ module Aws::VerifiedPermissions
     IdentitySourceItem.add_member(:configuration, Shapes::ShapeRef.new(shape: ConfigurationItem, location_name: "configuration"))
     IdentitySourceItem.struct_class = Types::IdentitySourceItem
 
-    IdentitySourceItemDetails.add_member(:client_ids, Shapes::ShapeRef.new(shape: ClientIds, deprecated: true, location_name: "clientIds", metadata: {"deprecatedMessage"=>"This attribute has been replaced by configuration.cognitoUserPoolConfiguration.clientIds"}))
-    IdentitySourceItemDetails.add_member(:user_pool_arn, Shapes::ShapeRef.new(shape: UserPoolArn, deprecated: true, location_name: "userPoolArn", metadata: {"deprecatedMessage"=>"This attribute has been replaced by configuration.cognitoUserPoolConfiguration.userPoolArn"}))
-    IdentitySourceItemDetails.add_member(:discovery_url, Shapes::ShapeRef.new(shape: DiscoveryUrl, deprecated: true, location_name: "discoveryUrl", metadata: {"deprecatedMessage"=>"This attribute has been replaced by configuration.cognitoUserPoolConfiguration.issuer"}))
-    IdentitySourceItemDetails.add_member(:open_id_issuer, Shapes::ShapeRef.new(shape: OpenIdIssuer, deprecated: true, location_name: "openIdIssuer", metadata: {"deprecatedMessage"=>"This attribute has been replaced by configuration"}))
+    IdentitySourceItemDetails.add_member(:client_ids, Shapes::ShapeRef.new(shape: ClientIds, deprecated: true, location_name: "clientIds", metadata: {"deprecatedMessage" => "This attribute has been replaced by configuration.cognitoUserPoolConfiguration.clientIds"}))
+    IdentitySourceItemDetails.add_member(:user_pool_arn, Shapes::ShapeRef.new(shape: UserPoolArn, deprecated: true, location_name: "userPoolArn", metadata: {"deprecatedMessage" => "This attribute has been replaced by configuration.cognitoUserPoolConfiguration.userPoolArn"}))
+    IdentitySourceItemDetails.add_member(:discovery_url, Shapes::ShapeRef.new(shape: DiscoveryUrl, deprecated: true, location_name: "discoveryUrl", metadata: {"deprecatedMessage" => "This attribute has been replaced by configuration.cognitoUserPoolConfiguration.issuer"}))
+    IdentitySourceItemDetails.add_member(:open_id_issuer, Shapes::ShapeRef.new(shape: OpenIdIssuer, deprecated: true, location_name: "openIdIssuer", metadata: {"deprecatedMessage" => "This attribute has been replaced by configuration"}))
     IdentitySourceItemDetails.struct_class = Types::IdentitySourceItemDetails
 
     IdentitySources.member = Shapes::ShapeRef.new(shape: IdentitySourceItem)
@@ -604,6 +625,9 @@ module Aws::VerifiedPermissions
     InternalServerException.add_member(:message, Shapes::ShapeRef.new(shape: String, required: true, location_name: "message"))
     InternalServerException.struct_class = Types::InternalServerException
 
+    InvalidStateException.add_member(:message, Shapes::ShapeRef.new(shape: String, required: true, location_name: "message"))
+    InvalidStateException.struct_class = Types::InvalidStateException
+
     IsAuthorizedInput.add_member(:policy_store_id, Shapes::ShapeRef.new(shape: PolicyStoreId, required: true, location_name: "policyStoreId"))
     IsAuthorizedInput.add_member(:principal, Shapes::ShapeRef.new(shape: EntityIdentifier, location_name: "principal"))
     IsAuthorizedInput.add_member(:action, Shapes::ShapeRef.new(shape: ActionIdentifier, location_name: "action"))
@@ -669,6 +693,12 @@ module Aws::VerifiedPermissions
     ListPolicyTemplatesOutput.add_member(:policy_templates, Shapes::ShapeRef.new(shape: PolicyTemplatesList, required: true, location_name: "policyTemplates"))
     ListPolicyTemplatesOutput.struct_class = Types::ListPolicyTemplatesOutput
 
+    ListTagsForResourceInput.add_member(:resource_arn, Shapes::ShapeRef.new(shape: AmazonResourceName, required: true, location_name: "resourceArn"))
+    ListTagsForResourceInput.struct_class = Types::ListTagsForResourceInput
+
+    ListTagsForResourceOutput.add_member(:tags, Shapes::ShapeRef.new(shape: TagMap, location_name: "tags"))
+    ListTagsForResourceOutput.struct_class = Types::ListTagsForResourceOutput
+
     NamespaceList.member = Shapes::ShapeRef.new(shape: Namespace)
 
     OpenIdConnectAccessTokenConfiguration.add_member(:principal_id_claim, Shapes::ShapeRef.new(shape: Claim, location_name: "principalIdClaim"))
@@ -863,6 +893,17 @@ module Aws::VerifiedPermissions
     StaticPolicyDefinitionItem.add_member(:description, Shapes::ShapeRef.new(shape: StaticPolicyDescription, location_name: "description"))
     StaticPolicyDefinitionItem.struct_class = Types::StaticPolicyDefinitionItem
 
+    TagKeyList.member = Shapes::ShapeRef.new(shape: TagKey)
+
+    TagMap.key = Shapes::ShapeRef.new(shape: TagKey)
+    TagMap.value = Shapes::ShapeRef.new(shape: TagValue)
+
+    TagResourceInput.add_member(:resource_arn, Shapes::ShapeRef.new(shape: AmazonResourceName, required: true, location_name: "resourceArn"))
+    TagResourceInput.add_member(:tags, Shapes::ShapeRef.new(shape: TagMap, required: true, location_name: "tags"))
+    TagResourceInput.struct_class = Types::TagResourceInput
+
+    TagResourceOutput.struct_class = Types::TagResourceOutput
+
     TemplateLinkedPolicyDefinition.add_member(:policy_template_id, Shapes::ShapeRef.new(shape: PolicyTemplateId, required: true, location_name: "policyTemplateId"))
     TemplateLinkedPolicyDefinition.add_member(:principal, Shapes::ShapeRef.new(shape: EntityIdentifier, location_name: "principal"))
     TemplateLinkedPolicyDefinition.add_member(:resource, Shapes::ShapeRef.new(shape: EntityIdentifier, location_name: "resource"))
@@ -883,6 +924,16 @@ module Aws::VerifiedPermissions
     ThrottlingException.add_member(:quota_code, Shapes::ShapeRef.new(shape: String, location_name: "quotaCode"))
     ThrottlingException.struct_class = Types::ThrottlingException
 
+    TooManyTagsException.add_member(:message, Shapes::ShapeRef.new(shape: String, location_name: "message"))
+    TooManyTagsException.add_member(:resource_name, Shapes::ShapeRef.new(shape: AmazonResourceName, location_name: "resourceName"))
+    TooManyTagsException.struct_class = Types::TooManyTagsException
+
+    UntagResourceInput.add_member(:resource_arn, Shapes::ShapeRef.new(shape: AmazonResourceName, required: true, location_name: "resourceArn"))
+    UntagResourceInput.add_member(:tag_keys, Shapes::ShapeRef.new(shape: TagKeyList, required: true, location_name: "tagKeys"))
+    UntagResourceInput.struct_class = Types::UntagResourceInput
+
+    UntagResourceOutput.struct_class = Types::UntagResourceOutput
+
     UpdateCognitoGroupConfiguration.add_member(:group_entity_type, Shapes::ShapeRef.new(shape: GroupEntityType, required: true, location_name: "groupEntityType"))
     UpdateCognitoGroupConfiguration.struct_class = Types::UpdateCognitoGroupConfiguration
 
@@ -961,6 +1012,7 @@ module Aws::VerifiedPermissions
 
     UpdatePolicyStoreInput.add_member(:policy_store_id, Shapes::ShapeRef.new(shape: PolicyStoreId, required: true, location_name: "policyStoreId"))
     UpdatePolicyStoreInput.add_member(:validation_settings, Shapes::ShapeRef.new(shape: ValidationSettings, required: true, location_name: "validationSettings"))
+    UpdatePolicyStoreInput.add_member(:deletion_protection, Shapes::ShapeRef.new(shape: DeletionProtection, location_name: "deletionProtection"))
     UpdatePolicyStoreInput.add_member(:description, Shapes::ShapeRef.new(shape: PolicyStoreDescription, location_name: "description"))
     UpdatePolicyStoreInput.struct_class = Types::UpdatePolicyStoreInput
 
@@ -1152,6 +1204,7 @@ module Aws::VerifiedPermissions
         o.input = Shapes::ShapeRef.new(shape: DeletePolicyStoreInput)
         o.output = Shapes::ShapeRef.new(shape: DeletePolicyStoreOutput)
         o.errors << Shapes::ShapeRef.new(shape: ValidationException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidStateException)
         o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
         o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
         o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
@@ -1337,6 +1390,19 @@ module Aws::VerifiedPermissions
         )
       end)
 
+      api.add_operation(:list_tags_for_resource, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "ListTagsForResource"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: ListTagsForResourceInput)
+        o.output = Shapes::ShapeRef.new(shape: ListTagsForResourceOutput)
+        o.errors << Shapes::ShapeRef.new(shape: ValidationException)
+        o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
+        o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
+        o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
+      end)
+
       api.add_operation(:put_schema, Seahorse::Model::Operation.new.tap do |o|
         o.name = "PutSchema"
         o.http_method = "POST"
@@ -1352,6 +1418,33 @@ module Aws::VerifiedPermissions
         o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
       end)
 
+      api.add_operation(:tag_resource, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "TagResource"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: TagResourceInput)
+        o.output = Shapes::ShapeRef.new(shape: TagResourceOutput)
+        o.errors << Shapes::ShapeRef.new(shape: ValidationException)
+        o.errors << Shapes::ShapeRef.new(shape: TooManyTagsException)
+        o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
+        o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
+        o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
+      end)
+
+      api.add_operation(:untag_resource, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "UntagResource"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: UntagResourceInput)
+        o.output = Shapes::ShapeRef.new(shape: UntagResourceOutput)
+        o.errors << Shapes::ShapeRef.new(shape: ValidationException)
+        o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
+        o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
+        o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
+      end)
+
       api.add_operation(:update_identity_source, Seahorse::Model::Operation.new.tap do |o|
         o.name = "UpdateIdentitySource"
         o.http_method = "POST"

data/lib/aws-sdk-verifiedpermissions/errors.rb

@@ -30,9 +30,11 @@ module Aws::VerifiedPermissions
   # * {AccessDeniedException}
   # * {ConflictException}
   # * {InternalServerException}
+  # * {InvalidStateException}
   # * {ResourceNotFoundException}
   # * {ServiceQuotaExceededException}
   # * {ThrottlingException}
+  # * {TooManyTagsException}
   # * {ValidationException}
   #
   # Additionally, error classes are dynamically generated for service errors based on the error code
@@ -95,6 +97,21 @@ module Aws::VerifiedPermissions
       end
     end
 
+    class InvalidStateException < ServiceError
+
+      # @param [Seahorse::Client::RequestContext] context
+      # @param [String] message
+      # @param [Aws::VerifiedPermissions::Types::InvalidStateException] data
+      def initialize(context, message, data = Aws::EmptyStructure.new)
+        super(context, message, data)
+      end
+
+      # @return [String]
+      def message
+        @message || @data[:message]
+      end
+    end
+
     class ResourceNotFoundException < ServiceError
 
       # @param [Seahorse::Client::RequestContext] context
@@ -188,6 +205,26 @@ module Aws::VerifiedPermissions
       end
     end
 
+    class TooManyTagsException < ServiceError
+
+      # @param [Seahorse::Client::RequestContext] context
+      # @param [String] message
+      # @param [Aws::VerifiedPermissions::Types::TooManyTagsException] data
+      def initialize(context, message, data = Aws::EmptyStructure.new)
+        super(context, message, data)
+      end
+
+      # @return [String]
+      def message
+        @message || @data[:message]
+      end
+
+      # @return [String]
+      def resource_name
+        @data[:resource_name]
+      end
+    end
+
     class ValidationException < ServiceError
 
       # @param [Seahorse::Client::RequestContext] context

data/lib/aws-sdk-verifiedpermissions/types.rb

@@ -319,9 +319,11 @@ module Aws::VerifiedPermissions
     #   @return [String]
     #
     # @!attribute [rw] entities
-    #   Specifies the list of resources and principals and their associated
-    #   attributes that Verified Permissions can examine when evaluating the
-    #   policies.
+    #   (Optional) Specifies the list of resources and principals and their
+    #   associated attributes that Verified Permissions can examine when
+    #   evaluating the policies. These additional entities and their
+    #   attributes can be referenced and checked by conditional elements in
+    #   the policies in the specified policy store.
     #
     #   <note markdown="1"> You can include only principal and resource entities in this
     #   parameter; you can't include actions. You must specify actions in
@@ -460,8 +462,11 @@ module Aws::VerifiedPermissions
     #   @return [String]
     #
     # @!attribute [rw] entities
-    #   Specifies the list of resources and their associated attributes that
-    #   Verified Permissions can examine when evaluating the policies.
+    #   (Optional) Specifies the list of resources and their associated
+    #   attributes that Verified Permissions can examine when evaluating the
+    #   policies. These additional entities and their attributes can be
+    #   referenced and checked by conditional elements in the policies in
+    #   the specified policy store.
     #
     #   You can't include principals in this parameter, only resource and
     #   action entities. This parameter can't include any entities of a
@@ -1300,12 +1305,25 @@ module Aws::VerifiedPermissions
     #   the current policy store.
     #   @return [String]
     #
+    # @!attribute [rw] deletion_protection
+    #   Specifies whether the policy store can be deleted. If enabled, the
+    #   policy store can't be deleted.
+    #
+    #   The default state is `DISABLED`.
+    #   @return [String]
+    #
+    # @!attribute [rw] tags
+    #   The list of key-value pairs to associate with the policy store.
+    #   @return [Hash<String,String>]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/CreatePolicyStoreInput AWS API Documentation
     #
     class CreatePolicyStoreInput < Struct.new(
       :client_token,
       :validation_settings,
-      :description)
+      :description,
+      :deletion_protection,
+      :tags)
       SENSITIVE = [:description]
       include Aws::Structure
     end
@@ -1870,10 +1888,23 @@ module Aws::VerifiedPermissions
     #   about.
     #   @return [String]
     #
+    # @!attribute [rw] tags
+    #   Specifies whether to return the tags that are attached to the policy
+    #   store. If this parameter is included in the API call, the tags are
+    #   returned, otherwise they are not returned.
+    #
+    #   <note markdown="1"> If this parameter is included in the API call but there are no tags
+    #   attached to the policy store, the `tags` response parameter is
+    #   omitted from the response.
+    #
+    #    </note>
+    #   @return [Boolean]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/GetPolicyStoreInput AWS API Documentation
     #
     class GetPolicyStoreInput < Struct.new(
-      :policy_store_id)
+      :policy_store_id,
+      :tags)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -1903,6 +1934,27 @@ module Aws::VerifiedPermissions
     #   the current policy store.
     #   @return [String]
     #
+    # @!attribute [rw] deletion_protection
+    #   Specifies whether the policy store can be deleted. If enabled, the
+    #   policy store can't be deleted.
+    #
+    #   The default state is `DISABLED`.
+    #   @return [String]
+    #
+    # @!attribute [rw] cedar_version
+    #   The version of the Cedar language used with policies, policy
+    #   templates, and schemas in this policy store. For more information,
+    #   see [Amazon Verified Permissions upgrade to Cedar v4 FAQ][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/verifiedpermissions/latest/userguide/cedar4-faq.html
+    #   @return [String]
+    #
+    # @!attribute [rw] tags
+    #   The list of tags associated with the policy store.
+    #   @return [Hash<String,String>]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/GetPolicyStoreOutput AWS API Documentation
     #
     class GetPolicyStoreOutput < Struct.new(
@@ -1911,7 +1963,10 @@ module Aws::VerifiedPermissions
       :validation_settings,
       :created_date,
       :last_updated_date,
-      :description)
+      :description,
+      :deletion_protection,
+      :cedar_version,
+      :tags)
       SENSITIVE = [:description]
       include Aws::Structure
     end
@@ -2211,6 +2266,20 @@ module Aws::VerifiedPermissions
       include Aws::Structure
     end
 
+    # The policy store can't be deleted because deletion protection is
+    # enabled. To delete this policy store, disable deletion protection.
+    #
+    # @!attribute [rw] message
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/InvalidStateException AWS API Documentation
+    #
+    class InvalidStateException < Struct.new(
+      :message)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] policy_store_id
     #   Specifies the ID of the policy store. Policies in this policy store
     #   will be used to make an authorization decision for the input.
@@ -2237,9 +2306,11 @@ module Aws::VerifiedPermissions
     #   @return [Types::ContextDefinition]
     #
     # @!attribute [rw] entities
-    #   Specifies the list of resources and principals and their associated
-    #   attributes that Verified Permissions can examine when evaluating the
-    #   policies.
+    #   (Optional) Specifies the list of resources and principals and their
+    #   associated attributes that Verified Permissions can examine when
+    #   evaluating the policies. These additional entities and their
+    #   attributes can be referenced and checked by conditional elements in
+    #   the policies in the specified policy store.
     #
     #   <note markdown="1"> You can include only principal and resource entities in this
     #   parameter; you can't include actions. You must specify actions in
@@ -2335,8 +2406,11 @@ module Aws::VerifiedPermissions
     #   @return [Types::ContextDefinition]
     #
     # @!attribute [rw] entities
-    #   Specifies the list of resources and their associated attributes that
-    #   Verified Permissions can examine when evaluating the policies.
+    #   (Optional) Specifies the list of resources and their associated
+    #   attributes that Verified Permissions can examine when evaluating the
+    #   policies. These additional entities and their attributes can be
+    #   referenced and checked by conditional elements in the policies in
+    #   the specified policy store.
     #
     #   You can't include principals in this parameter, only resource and
     #   action entities. This parameter can't include any entities of a
@@ -2651,6 +2725,30 @@ module Aws::VerifiedPermissions
       include Aws::Structure
     end
 
+    # @!attribute [rw] resource_arn
+    #   The ARN of the resource for which you want to view tags.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/ListTagsForResourceInput AWS API Documentation
+    #
+    class ListTagsForResourceInput < Struct.new(
+      :resource_arn)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] tags
+    #   The list of tags associated with the resource.
+    #   @return [Hash<String,String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/ListTagsForResourceOutput AWS API Documentation
+    #
+    class ListTagsForResourceOutput < Struct.new(
+      :tags)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # The configuration of an OpenID Connect (OIDC) identity source for
     # handling access token claims. Contains the claim that you want to
     # identify as the principal in an authorization request, and the values
@@ -3784,6 +3882,27 @@ module Aws::VerifiedPermissions
       include Aws::Structure
     end
 
+    # @!attribute [rw] resource_arn
+    #   The ARN of the resource that you're adding tags to.
+    #   @return [String]
+    #
+    # @!attribute [rw] tags
+    #   The list of key-value pairs to associate with the resource.
+    #   @return [Hash<String,String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/TagResourceInput AWS API Documentation
+    #
+    class TagResourceInput < Struct.new(
+      :resource_arn,
+      :tags)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/TagResourceOutput AWS API Documentation
+    #
+    class TagResourceOutput < Aws::EmptyStructure; end
+
     # Contains information about a policy created by instantiating a policy
     # template.
     #
@@ -3906,6 +4025,46 @@ module Aws::VerifiedPermissions
       include Aws::Structure
     end
 
+    # No more tags be added because the limit (50) has been reached. To add
+    # new tags, use `UntagResource` to remove existing tags.
+    #
+    # @!attribute [rw] message
+    #   @return [String]
+    #
+    # @!attribute [rw] resource_name
+    #   An Amazon Resource Name (ARN) uniquely identifies an AWS resource.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/TooManyTagsException AWS API Documentation
+    #
+    class TooManyTagsException < Struct.new(
+      :message,
+      :resource_name)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] resource_arn
+    #   The ARN of the resource from which you are removing tags.
+    #   @return [String]
+    #
+    # @!attribute [rw] tag_keys
+    #   The list of tag keys to remove from the resource.
+    #   @return [Array<String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/UntagResourceInput AWS API Documentation
+    #
+    class UntagResourceInput < Struct.new(
+      :resource_arn,
+      :tag_keys)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/UntagResourceOutput AWS API Documentation
+    #
+    class UntagResourceOutput < Aws::EmptyStructure; end
+
     # The user group entities from an Amazon Cognito user pool identity
     # source.
     #
@@ -4383,6 +4542,14 @@ module Aws::VerifiedPermissions
     #   for the policy store.
     #   @return [Types::ValidationSettings]
     #
+    # @!attribute [rw] deletion_protection
+    #   Specifies whether the policy store can be deleted. If enabled, the
+    #   policy store can't be deleted.
+    #
+    #   When you call `UpdatePolicyStore`, this parameter is unchanged
+    #   unless explicitly included in the call.
+    #   @return [String]
+    #
     # @!attribute [rw] description
     #   Descriptive text that you can provide to help with identification of
     #   the current policy store.
@@ -4393,6 +4560,7 @@ module Aws::VerifiedPermissions
     class UpdatePolicyStoreInput < Struct.new(
       :policy_store_id,
       :validation_settings,
+      :deletion_protection,
       :description)
       SENSITIVE = [:description]
       include Aws::Structure

data/lib/aws-sdk-verifiedpermissions.rb

@@ -55,7 +55,7 @@ module Aws::VerifiedPermissions
   autoload :EndpointProvider, 'aws-sdk-verifiedpermissions/endpoint_provider'
   autoload :Endpoints, 'aws-sdk-verifiedpermissions/endpoints'
 
-  GEM_VERSION = '1.42.0'
+  GEM_VERSION = '1.44.0'
 
 end
 

data/sig/client.rbs

@@ -280,7 +280,9 @@ module Aws
                                  validation_settings: {
                                    mode: ("OFF" | "STRICT")
                                  },
-                                 ?description: ::String
+                                 ?description: ::String,
+                                 ?deletion_protection: ("ENABLED" | "DISABLED"),
+                                 ?tags: Hash[::String, ::String]
                                ) -> _CreatePolicyStoreResponseSuccess
                              | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _CreatePolicyStoreResponseSuccess
 
@@ -384,10 +386,14 @@ module Aws
         def created_date: () -> ::Time
         def last_updated_date: () -> ::Time
         def description: () -> ::String
+        def deletion_protection: () -> ("ENABLED" | "DISABLED")
+        def cedar_version: () -> ("CEDAR_2" | "CEDAR_4")
+        def tags: () -> ::Hash[::String, ::String]
       end
       # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/VerifiedPermissions/Client.html#get_policy_store-instance_method
       def get_policy_store: (
-                              policy_store_id: ::String
+                              policy_store_id: ::String,
+                              ?tags: bool
                             ) -> _GetPolicyStoreResponseSuccess
                           | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _GetPolicyStoreResponseSuccess
 
@@ -586,6 +592,16 @@ module Aws
                                  ) -> _ListPolicyTemplatesResponseSuccess
                                | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _ListPolicyTemplatesResponseSuccess
 
+      interface _ListTagsForResourceResponseSuccess
+        include ::Seahorse::Client::_ResponseSuccess[Types::ListTagsForResourceOutput]
+        def tags: () -> ::Hash[::String, ::String]
+      end
+      # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/VerifiedPermissions/Client.html#list_tags_for_resource-instance_method
+      def list_tags_for_resource: (
+                                    resource_arn: ::String
+                                  ) -> _ListTagsForResourceResponseSuccess
+                                | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _ListTagsForResourceResponseSuccess
+
       interface _PutSchemaResponseSuccess
         include ::Seahorse::Client::_ResponseSuccess[Types::PutSchemaOutput]
         def policy_store_id: () -> ::String
@@ -602,6 +618,26 @@ module Aws
                       ) -> _PutSchemaResponseSuccess
                     | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _PutSchemaResponseSuccess
 
+      interface _TagResourceResponseSuccess
+        include ::Seahorse::Client::_ResponseSuccess[Types::TagResourceOutput]
+      end
+      # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/VerifiedPermissions/Client.html#tag_resource-instance_method
+      def tag_resource: (
+                          resource_arn: ::String,
+                          tags: Hash[::String, ::String]
+                        ) -> _TagResourceResponseSuccess
+                      | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _TagResourceResponseSuccess
+
+      interface _UntagResourceResponseSuccess
+        include ::Seahorse::Client::_ResponseSuccess[Types::UntagResourceOutput]
+      end
+      # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/VerifiedPermissions/Client.html#untag_resource-instance_method
+      def untag_resource: (
+                            resource_arn: ::String,
+                            tag_keys: Array[::String]
+                          ) -> _UntagResourceResponseSuccess
+                        | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _UntagResourceResponseSuccess
+
       interface _UpdateIdentitySourceResponseSuccess
         include ::Seahorse::Client::_ResponseSuccess[Types::UpdateIdentitySourceOutput]
         def created_date: () -> ::Time
@@ -682,6 +718,7 @@ module Aws
                                  validation_settings: {
                                    mode: ("OFF" | "STRICT")
                                  },
+                                 ?deletion_protection: ("ENABLED" | "DISABLED"),
                                  ?description: ::String
                                ) -> _UpdatePolicyStoreResponseSuccess
                              | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _UpdatePolicyStoreResponseSuccess

data/sig/errors.rbs

@@ -21,6 +21,9 @@ module Aws
       class InternalServerException < ::Aws::Errors::ServiceError
         def message: () -> ::String
       end
+      class InvalidStateException < ::Aws::Errors::ServiceError
+        def message: () -> ::String
+      end
       class ResourceNotFoundException < ::Aws::Errors::ServiceError
         def message: () -> ::String
         def resource_id: () -> ::String
@@ -38,6 +41,10 @@ module Aws
         def service_code: () -> ::String
         def quota_code: () -> ::String
       end
+      class TooManyTagsException < ::Aws::Errors::ServiceError
+        def message: () -> ::String
+        def resource_name: () -> ::String
+      end
       class ValidationException < ::Aws::Errors::ServiceError
         def message: () -> ::String
         def field_list: () -> ::String

data/sig/types.rbs

@@ -284,6 +284,8 @@ module Aws::VerifiedPermissions
       attr_accessor client_token: ::String
       attr_accessor validation_settings: Types::ValidationSettings
       attr_accessor description: ::String
+      attr_accessor deletion_protection: ("ENABLED" | "DISABLED")
+      attr_accessor tags: ::Hash[::String, ::String]
       SENSITIVE: [:description]
     end
 
@@ -436,6 +438,7 @@ module Aws::VerifiedPermissions
 
     class GetPolicyStoreInput
       attr_accessor policy_store_id: ::String
+      attr_accessor tags: bool
       SENSITIVE: []
     end
 
@@ -446,6 +449,9 @@ module Aws::VerifiedPermissions
       attr_accessor created_date: ::Time
       attr_accessor last_updated_date: ::Time
       attr_accessor description: ::String
+      attr_accessor deletion_protection: ("ENABLED" | "DISABLED")
+      attr_accessor cedar_version: ("CEDAR_2" | "CEDAR_4")
+      attr_accessor tags: ::Hash[::String, ::String]
       SENSITIVE: [:description]
     end
 
@@ -516,6 +522,11 @@ module Aws::VerifiedPermissions
       SENSITIVE: []
     end
 
+    class InvalidStateException
+      attr_accessor message: ::String
+      SENSITIVE: []
+    end
+
     class IsAuthorizedInput
       attr_accessor policy_store_id: ::String
       attr_accessor principal: Types::EntityIdentifier
@@ -605,6 +616,16 @@ module Aws::VerifiedPermissions
       SENSITIVE: []
     end
 
+    class ListTagsForResourceInput
+      attr_accessor resource_arn: ::String
+      SENSITIVE: []
+    end
+
+    class ListTagsForResourceOutput
+      attr_accessor tags: ::Hash[::String, ::String]
+      SENSITIVE: []
+    end
+
     class OpenIdConnectAccessTokenConfiguration
       attr_accessor principal_id_claim: ::String
       attr_accessor audiences: ::Array[::String]
@@ -871,6 +892,15 @@ module Aws::VerifiedPermissions
       SENSITIVE: [:description]
     end
 
+    class TagResourceInput
+      attr_accessor resource_arn: ::String
+      attr_accessor tags: ::Hash[::String, ::String]
+      SENSITIVE: []
+    end
+
+    class TagResourceOutput < Aws::EmptyStructure
+    end
+
     class TemplateLinkedPolicyDefinition
       attr_accessor policy_template_id: ::String
       attr_accessor principal: Types::EntityIdentifier
@@ -899,6 +929,21 @@ module Aws::VerifiedPermissions
       SENSITIVE: []
     end
 
+    class TooManyTagsException
+      attr_accessor message: ::String
+      attr_accessor resource_name: ::String
+      SENSITIVE: []
+    end
+
+    class UntagResourceInput
+      attr_accessor resource_arn: ::String
+      attr_accessor tag_keys: ::Array[::String]
+      SENSITIVE: []
+    end
+
+    class UntagResourceOutput < Aws::EmptyStructure
+    end
+
     class UpdateCognitoGroupConfiguration
       attr_accessor group_entity_type: ::String
       SENSITIVE: [:group_entity_type]
@@ -1015,6 +1060,7 @@ module Aws::VerifiedPermissions
     class UpdatePolicyStoreInput
       attr_accessor policy_store_id: ::String
       attr_accessor validation_settings: Types::ValidationSettings
+      attr_accessor deletion_protection: ("ENABLED" | "DISABLED")
       attr_accessor description: ::String
       SENSITIVE: [:description]
     end

metadata

@@ -1,14 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-verifiedpermissions
 version: !ruby/object:Gem::Version
-  version: 1.42.0
+  version: 1.44.0
 platform: ruby
 authors:
 - Amazon Web Services
-autorequire:
 bindir: bin
 cert_chain: []
-date: 2025-02-18 00:00:00.000000000 Z
+date: 1980-01-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core
@@ -78,7 +77,6 @@ licenses:
 metadata:
   source_code_uri: https://github.com/aws/aws-sdk-ruby/tree/version-3/gems/aws-sdk-verifiedpermissions
   changelog_uri: https://github.com/aws/aws-sdk-ruby/tree/version-3/gems/aws-sdk-verifiedpermissions/CHANGELOG.md
-post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -93,8 +91,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.4.10
-signing_key:
+rubygems_version: 3.6.7
 specification_version: 4
 summary: AWS SDK for Ruby - Amazon Verified Permissions
 test_files: []