@aws-sdk/client-verifiedpermissions 3.971.0 → 3.974.0

package/dist-cjs/index.js

@@ -341,6 +341,8 @@ const _EIn = "EntityIdentifier";
 const _EInt = "EntityItem";
 const _EL = "EntityList";
 const _ER = "EntityReference";
+const _ES = "EncryptionSettings";
+const _ESn = "EncryptionState";
 const _ET = "EntityType";
 const _GET = "GroupEntityType";
 const _GIS = "GetIdentitySource";
@@ -373,6 +375,8 @@ const _ISF = "IdentitySourceFilter";
 const _ISFd = "IdentitySourceFilters";
 const _ISI = "IdentitySourceItem";
 const _ISID = "IdentitySourceItemDetails";
+const _KES = "KmsEncryptionSettings";
+const _KESm = "KmsEncryptionState";
 const _LA = "LongAttribute";
 const _LIS = "ListIdentitySources";
 const _LISI = "ListIdentitySourcesInput";
@@ -503,15 +507,19 @@ const _dU = "discoveryUrl";
 const _da = "datetime";
 const _de = "decision";
 const _dec = "decimal";
+const _def = "default";
 const _des = "description";
 const _det = "details";
 const _du = "duration";
 const _e = "error";
+const _eC = "encryptionContext";
 const _eD = "errorDescription";
 const _eI = "entityId";
 const _eIP = "entityIdPrefix";
 const _eIn = "entityIdentifier";
 const _eL = "entityList";
+const _eS = "encryptionSettings";
+const _eSn = "encryptionState";
 const _eT = "entityType";
 const _ef = "effect";
 const _en = "entities";
@@ -530,6 +538,9 @@ const _iT = "identityToken";
 const _iTO = "identityTokenOnly";
 const _id = "identifier";
 const _ip = "ipaddr";
+const _k = "key";
+const _kES = "kmsEncryptionSettings";
+const _kESm = "kmsEncryptionState";
 const _l = "long";
 const _lUD = "lastUpdatedDate";
 const _m = "message";
@@ -737,8 +748,8 @@ var CreatePolicyOutput$ = [3, n0, _CPO,
 ];
 var CreatePolicyStoreInput$ = [3, n0, _CPSI,
     0,
-    [_vS, _cT, _des, _dPe, _t],
-    [() => ValidationSettings$, [0, 4], [() => PolicyStoreDescription, 0], 0, 128 | 0], 1
+    [_vS, _cT, _des, _dPe, _eS, _t],
+    [() => ValidationSettings$, [0, 4], [() => PolicyStoreDescription, 0], 0, () => EncryptionSettings$, 128 | 0], 1
 ];
 var CreatePolicyStoreOutput$ = [3, n0, _CPSO,
     0,
@@ -842,8 +853,8 @@ var GetPolicyStoreInput$ = [3, n0, _GPSI,
 ];
 var GetPolicyStoreOutput$ = [3, n0, _GPSO,
     0,
-    [_pSI, _ar, _vS, _cD, _lUD, _des, _dPe, _cV, _t],
-    [0, 0, () => ValidationSettings$, 5, 5, [() => PolicyStoreDescription, 0], 0, 0, 128 | 0], 5
+    [_pSI, _ar, _vS, _cD, _lUD, _des, _dPe, _eSn, _cV, _t],
+    [0, 0, () => ValidationSettings$, 5, 5, [() => PolicyStoreDescription, 0], 0, () => EncryptionState$, 0, 128 | 0], 5
 ];
 var GetPolicyTemplateInput$ = [3, n0, _GPTI,
     0,
@@ -917,6 +928,16 @@ var IsAuthorizedWithTokenOutput$ = [3, n0, _IAWTO,
     [_de, _dP, _er, _p],
     [0, () => DeterminingPolicyList, [() => EvaluationErrorList, 0], [() => EntityIdentifier$, 0]], 3
 ];
+var KmsEncryptionSettings$ = [3, n0, _KES,
+    0,
+    [_k, _eC],
+    [0, 128 | 0], 1
+];
+var KmsEncryptionState$ = [3, n0, _KESm,
+    0,
+    [_k, _eC],
+    [0, 128 | 0], 2
+];
 var ListIdentitySourcesInput$ = [3, n0, _LISI,
     0,
     [_pSI, _nT, _mR, _f],
@@ -1179,7 +1200,7 @@ var UpdateOpenIdConnectIdentityTokenConfiguration$ = [3, n0, _UOICITC,
 var UpdatePolicyInput$ = [3, n0, _UPI,
     0,
     [_pSI, _pI, _d],
-    [0, 0, [() => UpdatePolicyDefinition$, 0]], 3
+    [0, 0, [() => UpdatePolicyDefinition$, 0]], 2
 ];
 var UpdatePolicyOutput$ = [3, n0, _UPO,
     0,
@@ -1227,6 +1248,7 @@ var ValidationSettings$ = [3, n0, _VS,
     [_mo],
     [0], 1
 ];
+var __Unit = "unit";
 var VerifiedPermissionsServiceException$ = [-3, _sm, "VerifiedPermissionsServiceException", 0, [], []];
 schema.TypeRegistry.for(_sm).registerError(VerifiedPermissionsServiceException$, VerifiedPermissionsServiceException);
 var ActionIdentifierList = [1, n0, _AIL,
@@ -1376,6 +1398,16 @@ var ContextDefinition$ = [4, n0, _CDo,
     [_cM, _cJ],
     [[() => ContextMap, 0], [() => CedarJson, 0]]
 ];
+var EncryptionSettings$ = [4, n0, _ES,
+    0,
+    [_kES, _def],
+    [() => KmsEncryptionSettings$, () => __Unit]
+];
+var EncryptionState$ = [4, n0, _ESn,
+    0,
+    [_kESm, _def],
+    [() => KmsEncryptionState$, () => __Unit]
+];
 var EntitiesDefinition$ = [4, n0, _ED,
     0,
     [_eL, _cJ],
@@ -2051,6 +2083,8 @@ exports.DeletePolicyTemplateInput$ = DeletePolicyTemplateInput$;
 exports.DeletePolicyTemplateOutput$ = DeletePolicyTemplateOutput$;
 exports.DeletionProtection = DeletionProtection;
 exports.DeterminingPolicyItem$ = DeterminingPolicyItem$;
+exports.EncryptionSettings$ = EncryptionSettings$;
+exports.EncryptionState$ = EncryptionState$;
 exports.EntitiesDefinition$ = EntitiesDefinition$;
 exports.EntityIdentifier$ = EntityIdentifier$;
 exports.EntityItem$ = EntityItem$;
@@ -2092,6 +2126,8 @@ exports.IsAuthorizedWithToken$ = IsAuthorizedWithToken$;
 exports.IsAuthorizedWithTokenCommand = IsAuthorizedWithTokenCommand;
 exports.IsAuthorizedWithTokenInput$ = IsAuthorizedWithTokenInput$;
 exports.IsAuthorizedWithTokenOutput$ = IsAuthorizedWithTokenOutput$;
+exports.KmsEncryptionSettings$ = KmsEncryptionSettings$;
+exports.KmsEncryptionState$ = KmsEncryptionState$;
 exports.ListIdentitySources$ = ListIdentitySources$;
 exports.ListIdentitySourcesCommand = ListIdentitySourcesCommand;
 exports.ListIdentitySourcesInput$ = ListIdentitySourcesInput$;

package/dist-es/schemas/schemas_0.js

@@ -87,6 +87,8 @@ const _EIn = "EntityIdentifier";
 const _EInt = "EntityItem";
 const _EL = "EntityList";
 const _ER = "EntityReference";
+const _ES = "EncryptionSettings";
+const _ESn = "EncryptionState";
 const _ET = "EntityType";
 const _GET = "GroupEntityType";
 const _GIS = "GetIdentitySource";
@@ -119,6 +121,8 @@ const _ISF = "IdentitySourceFilter";
 const _ISFd = "IdentitySourceFilters";
 const _ISI = "IdentitySourceItem";
 const _ISID = "IdentitySourceItemDetails";
+const _KES = "KmsEncryptionSettings";
+const _KESm = "KmsEncryptionState";
 const _LA = "LongAttribute";
 const _LIS = "ListIdentitySources";
 const _LISI = "ListIdentitySourcesInput";
@@ -249,15 +253,19 @@ const _dU = "discoveryUrl";
 const _da = "datetime";
 const _de = "decision";
 const _dec = "decimal";
+const _def = "default";
 const _des = "description";
 const _det = "details";
 const _du = "duration";
 const _e = "error";
+const _eC = "encryptionContext";
 const _eD = "errorDescription";
 const _eI = "entityId";
 const _eIP = "entityIdPrefix";
 const _eIn = "entityIdentifier";
 const _eL = "entityList";
+const _eS = "encryptionSettings";
+const _eSn = "encryptionState";
 const _eT = "entityType";
 const _ef = "effect";
 const _en = "entities";
@@ -276,6 +284,9 @@ const _iT = "identityToken";
 const _iTO = "identityTokenOnly";
 const _id = "identifier";
 const _ip = "ipaddr";
+const _k = "key";
+const _kES = "kmsEncryptionSettings";
+const _kESm = "kmsEncryptionState";
 const _l = "long";
 const _lUD = "lastUpdatedDate";
 const _m = "message";
@@ -486,8 +497,8 @@ export var CreatePolicyOutput$ = [3, n0, _CPO,
 ];
 export var CreatePolicyStoreInput$ = [3, n0, _CPSI,
     0,
-    [_vS, _cT, _des, _dPe, _t],
-    [() => ValidationSettings$, [0, 4], [() => PolicyStoreDescription, 0], 0, 128 | 0], 1
+    [_vS, _cT, _des, _dPe, _eS, _t],
+    [() => ValidationSettings$, [0, 4], [() => PolicyStoreDescription, 0], 0, () => EncryptionSettings$, 128 | 0], 1
 ];
 export var CreatePolicyStoreOutput$ = [3, n0, _CPSO,
     0,
@@ -591,8 +602,8 @@ export var GetPolicyStoreInput$ = [3, n0, _GPSI,
 ];
 export var GetPolicyStoreOutput$ = [3, n0, _GPSO,
     0,
-    [_pSI, _ar, _vS, _cD, _lUD, _des, _dPe, _cV, _t],
-    [0, 0, () => ValidationSettings$, 5, 5, [() => PolicyStoreDescription, 0], 0, 0, 128 | 0], 5
+    [_pSI, _ar, _vS, _cD, _lUD, _des, _dPe, _eSn, _cV, _t],
+    [0, 0, () => ValidationSettings$, 5, 5, [() => PolicyStoreDescription, 0], 0, () => EncryptionState$, 0, 128 | 0], 5
 ];
 export var GetPolicyTemplateInput$ = [3, n0, _GPTI,
     0,
@@ -666,6 +677,16 @@ export var IsAuthorizedWithTokenOutput$ = [3, n0, _IAWTO,
     [_de, _dP, _er, _p],
     [0, () => DeterminingPolicyList, [() => EvaluationErrorList, 0], [() => EntityIdentifier$, 0]], 3
 ];
+export var KmsEncryptionSettings$ = [3, n0, _KES,
+    0,
+    [_k, _eC],
+    [0, 128 | 0], 1
+];
+export var KmsEncryptionState$ = [3, n0, _KESm,
+    0,
+    [_k, _eC],
+    [0, 128 | 0], 2
+];
 export var ListIdentitySourcesInput$ = [3, n0, _LISI,
     0,
     [_pSI, _nT, _mR, _f],
@@ -928,7 +949,7 @@ export var UpdateOpenIdConnectIdentityTokenConfiguration$ = [3, n0, _UOICITC,
 export var UpdatePolicyInput$ = [3, n0, _UPI,
     0,
     [_pSI, _pI, _d],
-    [0, 0, [() => UpdatePolicyDefinition$, 0]], 3
+    [0, 0, [() => UpdatePolicyDefinition$, 0]], 2
 ];
 export var UpdatePolicyOutput$ = [3, n0, _UPO,
     0,
@@ -976,6 +997,7 @@ export var ValidationSettings$ = [3, n0, _VS,
     [_mo],
     [0], 1
 ];
+var __Unit = "unit";
 export var VerifiedPermissionsServiceException$ = [-3, _sm, "VerifiedPermissionsServiceException", 0, [], []];
 TypeRegistry.for(_sm).registerError(VerifiedPermissionsServiceException$, VerifiedPermissionsServiceException);
 var ActionIdentifierList = [1, n0, _AIL,
@@ -1079,6 +1101,7 @@ var ContextMap = [2, n0, _CM,
     [() => AttributeValue$,
         0]
 ];
+var EncryptionContext = 128 | 0;
 var EntityAttributes = [2, n0, _EA,
     0, [0,
         0],
@@ -1128,6 +1151,16 @@ export var ContextDefinition$ = [4, n0, _CDo,
     [_cM, _cJ],
     [[() => ContextMap, 0], [() => CedarJson, 0]]
 ];
+export var EncryptionSettings$ = [4, n0, _ES,
+    0,
+    [_kES, _def],
+    [() => KmsEncryptionSettings$, () => __Unit]
+];
+export var EncryptionState$ = [4, n0, _ESn,
+    0,
+    [_kESm, _def],
+    [() => KmsEncryptionState$, () => __Unit]
+];
 export var EntitiesDefinition$ = [4, n0, _ED,
     0,
     [_eL, _cJ],

package/dist-types/commands/CreatePolicyStoreCommand.d.ts

@@ -43,6 +43,15 @@ declare const CreatePolicyStoreCommand_base: {
  *   },
  *   description: "STRING_VALUE",
  *   deletionProtection: "ENABLED" || "DISABLED",
+ *   encryptionSettings: { // EncryptionSettings Union: only one key present
+ *     kmsEncryptionSettings: { // KmsEncryptionSettings
+ *       key: "STRING_VALUE", // required
+ *       encryptionContext: { // EncryptionContext
+ *         "<keys>": "STRING_VALUE",
+ *       },
+ *     },
+ *     default: {},
+ *   },
  *   tags: { // TagMap
  *     "<keys>": "STRING_VALUE",
  *   },
@@ -107,6 +116,35 @@ declare const CreatePolicyStoreCommand_base: {
  * *\/
  * ```
  *
+ * @example To create an encrypted policy store
+ * ```javascript
+ * // The following example creates a new policy store with encryption settings based on a provided KMS key.
+ * const input = {
+ *   clientToken: "a1b2c3d4-e5f6-a1b2-c3d4-TOKEN1111111",
+ *   encryptionSettings: {
+ *     kmsEncryptionSettings: {
+ *       encryptionContext: {
+ *         policy_store_owner: "Tim"
+ *       },
+ *       key: "arn:aws:kms:us-east-1:123456789012:key/abcdefgh-ijkl-mnop-qrst-uvwxyz123456"
+ *     }
+ *   },
+ *   validationSettings: {
+ *     mode: "STRICT"
+ *   }
+ * };
+ * const command = new CreatePolicyStoreCommand(input);
+ * const response = await client.send(command);
+ * /* response is
+ * {
+ *   arn: "arn:aws:verifiedpermissions::123456789012:policy-store/C7v5xMplfFH3i3e4Jrzb1a",
+ *   createdDate: "2024-08-12T18:20:50.99Z",
+ *   lastUpdatedDate: "2024-08-12T18:20:50.99Z",
+ *   policyStoreId: "C7v5xMplfFH3i3e4Jrzb1a"
+ * }
+ * *\/
+ * ```
+ *
  * @public
  */
 export declare class CreatePolicyStoreCommand extends CreatePolicyStoreCommand_base {

package/dist-types/commands/GetPolicyStoreCommand.d.ts

@@ -52,6 +52,15 @@ declare const GetPolicyStoreCommand_base: {
  * //   lastUpdatedDate: new Date("TIMESTAMP"), // required
  * //   description: "STRING_VALUE",
  * //   deletionProtection: "ENABLED" || "DISABLED",
+ * //   encryptionState: { // EncryptionState Union: only one key present
+ * //     kmsEncryptionState: { // KmsEncryptionState
+ * //       key: "STRING_VALUE", // required
+ * //       encryptionContext: { // EncryptionContext // required
+ * //         "<keys>": "STRING_VALUE",
+ * //       },
+ * //     },
+ * //     default: {},
+ * //   },
  * //   cedarVersion: "CEDAR_2" || "CEDAR_4",
  * //   tags: { // TagMap
  * //     "<keys>": "STRING_VALUE",
@@ -97,6 +106,38 @@ declare const GetPolicyStoreCommand_base: {
  * {
  *   arn: "arn:aws:verifiedpermissions::123456789012:policy-store/C7v5xMplfFH3i3e4Jrzb1a",
  *   createdDate: "2024-08-12T18:20:50.99Z",
+ *   encryptionState: {
+ *     default:     { /* empty *\/ }
+ *   },
+ *   lastUpdatedDate: "2024-08-12T18:20:50.99Z",
+ *   policyStoreId: "C7v5xMplfFH3i3e4Jrzb1a",
+ *   validationSettings: {
+ *     mode: "STRICT"
+ *   }
+ * }
+ * *\/
+ * ```
+ *
+ * @example GetPolicyStore that is encrypted
+ * ```javascript
+ * // The following example retrieves details about the specified encrypted policy store.
+ * const input = {
+ *   policyStoreId: "C7v5xMplfFH3i3e4Jrzb1a"
+ * };
+ * const command = new GetPolicyStoreCommand(input);
+ * const response = await client.send(command);
+ * /* response is
+ * {
+ *   arn: "arn:aws:verifiedpermissions::123456789012:policy-store/C7v5xMplfFH3i3e4Jrzb1a",
+ *   createdDate: "2024-08-12T18:20:50.99Z",
+ *   encryptionState: {
+ *     kmsEncryptionState: {
+ *       encryptionContext: {
+ *         policy_store_owner: "Tim"
+ *       },
+ *       key: "arn:aws:kms:us-east-1:123456789012:key/abcdefgh-ijkl-mnop-qrst-uvwxyz123456"
+ *     }
+ *   },
  *   lastUpdatedDate: "2024-08-12T18:20:50.99Z",
  *   policyStoreId: "C7v5xMplfFH3i3e4Jrzb1a",
  *   validationSettings: {

package/dist-types/models/models_0.d.ts

@@ -1070,6 +1070,72 @@ export interface CreatePolicyOutput {
      */
     effect?: PolicyEffect | undefined;
 }
+/**
+ * @public
+ */
+export interface Unit {
+}
+/**
+ * <p>A structure that contains the KMS encryption configuration for the policy store. The encryption settings determine what customer-managed KMS key will be used to encrypt all resources within the policy store, and any user-defined context key-value pairs to append during encryption processes.</p> <p>This data type is used as a field that is part of the <a href="https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_EncryptionSettings.html">EncryptionSettings</a> type.</p>
+ * @public
+ */
+export interface KmsEncryptionSettings {
+    /**
+     * <p>The customer-managed KMS key <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Name (ARN)</a>, alias or ID to be used for encryption processes. </p> <p>Users can provide the full KMS key ARN, a KMS key alias, or a KMS key ID, but it will be mapped to the full KMS key ARN after policy store creation, and referenced when encrypting child resources. </p>
+     * @public
+     */
+    key: string | undefined;
+    /**
+     * <p>User-defined, additional context to be added to encryption processes. </p>
+     * @public
+     */
+    encryptionContext?: Record<string, string> | undefined;
+}
+/**
+ * <p>A structure that contains the encryption configuration for the policy store and child resources. </p> <p>This data type is used as a request parameter in the <a href="https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_CreatePolicyStore.html">CreatePolicyStore</a> operation.</p>
+ * @public
+ */
+export type EncryptionSettings = EncryptionSettings.DefaultMember | EncryptionSettings.KmsEncryptionSettingsMember | EncryptionSettings.$UnknownMember;
+/**
+ * @public
+ */
+export declare namespace EncryptionSettings {
+    /**
+     * <p>The KMS encryption settings for this policy store to encrypt data with. It will contain the customer-managed KMS key, and a user-defined encryption context. </p>
+     * @public
+     */
+    interface KmsEncryptionSettingsMember {
+        kmsEncryptionSettings: KmsEncryptionSettings;
+        default?: never;
+        $unknown?: never;
+    }
+    /**
+     * <p>This is the default encryption setting. The policy store uses an Amazon Web Services owned key for encrypting data.</p>
+     * @public
+     */
+    interface DefaultMember {
+        kmsEncryptionSettings?: never;
+        default: Unit;
+        $unknown?: never;
+    }
+    /**
+     * @public
+     */
+    interface $UnknownMember {
+        kmsEncryptionSettings?: never;
+        default?: never;
+        $unknown: [string, any];
+    }
+    /**
+     * @deprecated unused in schema-serde mode.
+     *
+     */
+    interface Visitor<T> {
+        kmsEncryptionSettings: (value: KmsEncryptionSettings) => T;
+        default: (value: Unit) => T;
+        _: (name: string, value: any) => T;
+    }
+}
 /**
  * <p>A structure that contains Cedar policy validation settings for the policy store. The validation mode determines which validation failures that Cedar considers serious enough to block acceptance of a new or edited static policy or policy template. </p> <p>This data type is used as a request parameter in the <a href="https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_CreatePolicyStore.html">CreatePolicyStore</a> and <a href="https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_UpdatePolicyStore.html">UpdatePolicyStore</a> operations.</p>
  * @public
@@ -1105,6 +1171,11 @@ export interface CreatePolicyStoreInput {
      * @public
      */
     deletionProtection?: DeletionProtection | undefined;
+    /**
+     * <p>Specifies the encryption settings used to encrypt the policy store and their child resources. Allows for the ability to use a customer owned KMS key for encryption of data.</p> <p>This is an optional field to be used when providing a customer-managed KMS key for encryption.</p>
+     * @public
+     */
+    encryptionSettings?: EncryptionSettings | undefined;
     /**
      * <p>The list of key-value pairs to associate with the policy store.</p>
      * @public
@@ -1261,6 +1332,67 @@ export interface DeletePolicyTemplateInput {
  */
 export interface DeletePolicyTemplateOutput {
 }
+/**
+ * <p>A structure that contains the KMS encryption configuration for the policy store. The encryption state shows what customer-managed KMS key is being used to encrypt all resources within the policy store, and any user-defined context key-value pairs added during encryption processes.</p> <p>This data type is used as a field that is part of the <a href="https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_EncryptionState.html">EncryptionState</a> type.</p>
+ * @public
+ */
+export interface KmsEncryptionState {
+    /**
+     * <p>The customer-managed KMS key <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Name (ARN)</a> being used for encryption processes. </p>
+     * @public
+     */
+    key: string | undefined;
+    /**
+     * <p>User-defined, additional context added to encryption processes. </p>
+     * @public
+     */
+    encryptionContext: Record<string, string> | undefined;
+}
+/**
+ * <p>A structure that contains the encryption configuration for the policy store and child resources.</p> <p>This data type is used as a response parameter field for the <a href="https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_GetPolicyStore.html">GetPolicyStore</a> operation.</p>
+ * @public
+ */
+export type EncryptionState = EncryptionState.DefaultMember | EncryptionState.KmsEncryptionStateMember | EncryptionState.$UnknownMember;
+/**
+ * @public
+ */
+export declare namespace EncryptionState {
+    /**
+     * <p>The KMS encryption settings currently configured for this policy store to encrypt data with. It contains the customer-managed KMS key, and a user-defined encryption context. </p>
+     * @public
+     */
+    interface KmsEncryptionStateMember {
+        kmsEncryptionState: KmsEncryptionState;
+        default?: never;
+        $unknown?: never;
+    }
+    /**
+     * <p>This is the default encryption state. The policy store is encrypted using an Amazon Web Services owned key.</p>
+     * @public
+     */
+    interface DefaultMember {
+        kmsEncryptionState?: never;
+        default: Unit;
+        $unknown?: never;
+    }
+    /**
+     * @public
+     */
+    interface $UnknownMember {
+        kmsEncryptionState?: never;
+        default?: never;
+        $unknown: [string, any];
+    }
+    /**
+     * @deprecated unused in schema-serde mode.
+     *
+     */
+    interface Visitor<T> {
+        kmsEncryptionState: (value: KmsEncryptionState) => T;
+        default: (value: Unit) => T;
+        _: (name: string, value: any) => T;
+    }
+}
 /**
  * <p>Contains information about a principal or resource that can be referenced in a Cedar policy.</p> <p>This data type is used as part of the <a href="https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_PolicyFilter.html">PolicyFilter</a> structure that is used as a request parameter for the <a href="https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ListPolicies.html">ListPolicies</a> operation..</p>
  * @public
@@ -1523,6 +1655,11 @@ export interface GetPolicyStoreOutput {
      * @public
      */
     deletionProtection?: DeletionProtection | undefined;
+    /**
+     * <p>A structure that contains the encryption configuration for the policy store.</p>
+     * @public
+     */
+    encryptionState?: EncryptionState | undefined;
     /**
      * <p>The version of the Cedar language used with policies, policy templates, and schemas in this policy store. For more information, see <a href="https://docs.aws.amazon.com/verifiedpermissions/latest/userguide/cedar4-faq.html">Amazon Verified Permissions upgrade to Cedar v4 FAQ</a>.</p>
      * @public
@@ -2458,7 +2595,7 @@ export interface UpdatePolicyInput {
      * <p>Specifies the updated policy content that you want to replace on the specified policy. The content must be valid Cedar policy language text.</p> <p>You can change only the following elements from the policy definition:</p> <ul> <li> <p>The <code>action</code> referenced by the policy.</p> </li> <li> <p>Any conditional clauses, such as <code>when</code> or <code>unless</code> clauses.</p> </li> </ul> <p>You <b>can't</b> change the following elements:</p> <ul> <li> <p>Changing from <code>static</code> to <code>templateLinked</code>.</p> </li> <li> <p>Changing the effect of the policy from <code>permit</code> or <code>forbid</code>.</p> </li> <li> <p>The <code>principal</code> referenced by the policy.</p> </li> <li> <p>The <code>resource</code> referenced by the policy.</p> </li> </ul>
      * @public
      */
-    definition: UpdatePolicyDefinition | undefined;
+    definition?: UpdatePolicyDefinition | undefined;
 }
 /**
  * @public

package/dist-types/schemas/schemas_0.d.ts

@@ -61,6 +61,8 @@ export declare var IsAuthorizedInput$: StaticStructureSchema;
 export declare var IsAuthorizedOutput$: StaticStructureSchema;
 export declare var IsAuthorizedWithTokenInput$: StaticStructureSchema;
 export declare var IsAuthorizedWithTokenOutput$: StaticStructureSchema;
+export declare var KmsEncryptionSettings$: StaticStructureSchema;
+export declare var KmsEncryptionState$: StaticStructureSchema;
 export declare var ListIdentitySourcesInput$: StaticStructureSchema;
 export declare var ListIdentitySourcesOutput$: StaticStructureSchema;
 export declare var ListPoliciesInput$: StaticStructureSchema;
@@ -129,6 +131,8 @@ export declare var Configuration$: StaticUnionSchema;
 export declare var ConfigurationDetail$: StaticUnionSchema;
 export declare var ConfigurationItem$: StaticUnionSchema;
 export declare var ContextDefinition$: StaticUnionSchema;
+export declare var EncryptionSettings$: StaticUnionSchema;
+export declare var EncryptionState$: StaticUnionSchema;
 export declare var EntitiesDefinition$: StaticUnionSchema;
 export declare var EntityReference$: StaticUnionSchema;
 export declare var OpenIdConnectTokenSelection$: StaticUnionSchema;

package/dist-types/ts3.4/models/models_0.d.ts

@@ -398,6 +398,37 @@ export interface CreatePolicyOutput {
   lastUpdatedDate: Date | undefined;
   effect?: PolicyEffect | undefined;
 }
+export interface Unit {}
+export interface KmsEncryptionSettings {
+  key: string | undefined;
+  encryptionContext?: Record<string, string> | undefined;
+}
+export type EncryptionSettings =
+  | EncryptionSettings.DefaultMember
+  | EncryptionSettings.KmsEncryptionSettingsMember
+  | EncryptionSettings.$UnknownMember;
+export declare namespace EncryptionSettings {
+  interface KmsEncryptionSettingsMember {
+    kmsEncryptionSettings: KmsEncryptionSettings;
+    default?: never;
+    $unknown?: never;
+  }
+  interface DefaultMember {
+    kmsEncryptionSettings?: never;
+    default: Unit;
+    $unknown?: never;
+  }
+  interface $UnknownMember {
+    kmsEncryptionSettings?: never;
+    default?: never;
+    $unknown: [string, any];
+  }
+  interface Visitor<T> {
+    kmsEncryptionSettings: (value: KmsEncryptionSettings) => T;
+    default: (value: Unit) => T;
+    _: (name: string, value: any) => T;
+  }
+}
 export interface ValidationSettings {
   mode: ValidationMode | undefined;
 }
@@ -406,6 +437,7 @@ export interface CreatePolicyStoreInput {
   validationSettings: ValidationSettings | undefined;
   description?: string | undefined;
   deletionProtection?: DeletionProtection | undefined;
+  encryptionSettings?: EncryptionSettings | undefined;
   tags?: Record<string, string> | undefined;
 }
 export interface CreatePolicyStoreOutput {
@@ -445,6 +477,36 @@ export interface DeletePolicyTemplateInput {
   policyTemplateId: string | undefined;
 }
 export interface DeletePolicyTemplateOutput {}
+export interface KmsEncryptionState {
+  key: string | undefined;
+  encryptionContext: Record<string, string> | undefined;
+}
+export type EncryptionState =
+  | EncryptionState.DefaultMember
+  | EncryptionState.KmsEncryptionStateMember
+  | EncryptionState.$UnknownMember;
+export declare namespace EncryptionState {
+  interface KmsEncryptionStateMember {
+    kmsEncryptionState: KmsEncryptionState;
+    default?: never;
+    $unknown?: never;
+  }
+  interface DefaultMember {
+    kmsEncryptionState?: never;
+    default: Unit;
+    $unknown?: never;
+  }
+  interface $UnknownMember {
+    kmsEncryptionState?: never;
+    default?: never;
+    $unknown: [string, any];
+  }
+  interface Visitor<T> {
+    kmsEncryptionState: (value: KmsEncryptionState) => T;
+    default: (value: Unit) => T;
+    _: (name: string, value: any) => T;
+  }
+}
 export type EntityReference =
   | EntityReference.IdentifierMember
   | EntityReference.UnspecifiedMember
@@ -518,6 +580,7 @@ export interface GetPolicyStoreOutput {
   lastUpdatedDate: Date | undefined;
   description?: string | undefined;
   deletionProtection?: DeletionProtection | undefined;
+  encryptionState?: EncryptionState | undefined;
   cedarVersion?: CedarVersion | undefined;
   tags?: Record<string, string> | undefined;
 }
@@ -799,7 +862,7 @@ export declare namespace UpdatePolicyDefinition {
 export interface UpdatePolicyInput {
   policyStoreId: string | undefined;
   policyId: string | undefined;
-  definition: UpdatePolicyDefinition | undefined;
+  definition?: UpdatePolicyDefinition | undefined;
 }
 export interface UpdatePolicyOutput {
   policyStoreId: string | undefined;

package/dist-types/ts3.4/schemas/schemas_0.d.ts

@@ -66,6 +66,8 @@ export declare var IsAuthorizedInput$: StaticStructureSchema;
 export declare var IsAuthorizedOutput$: StaticStructureSchema;
 export declare var IsAuthorizedWithTokenInput$: StaticStructureSchema;
 export declare var IsAuthorizedWithTokenOutput$: StaticStructureSchema;
+export declare var KmsEncryptionSettings$: StaticStructureSchema;
+export declare var KmsEncryptionState$: StaticStructureSchema;
 export declare var ListIdentitySourcesInput$: StaticStructureSchema;
 export declare var ListIdentitySourcesOutput$: StaticStructureSchema;
 export declare var ListPoliciesInput$: StaticStructureSchema;
@@ -134,6 +136,8 @@ export declare var Configuration$: StaticUnionSchema;
 export declare var ConfigurationDetail$: StaticUnionSchema;
 export declare var ConfigurationItem$: StaticUnionSchema;
 export declare var ContextDefinition$: StaticUnionSchema;
+export declare var EncryptionSettings$: StaticUnionSchema;
+export declare var EncryptionState$: StaticUnionSchema;
 export declare var EntitiesDefinition$: StaticUnionSchema;
 export declare var EntityReference$: StaticUnionSchema;
 export declare var OpenIdConnectTokenSelection$: StaticUnionSchema;

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@aws-sdk/client-verifiedpermissions",
   "description": "AWS SDK for JavaScript Verifiedpermissions Client for Node.js, Browser and React Native",
-  "version": "3.971.0",
+  "version": "3.974.0",
   "scripts": {
     "build": "concurrently 'yarn:build:types' 'yarn:build:es' && yarn build:cjs",
     "build:cjs": "node ../../scripts/compilation/inline client-verifiedpermissions",
@@ -9,7 +9,7 @@
     "build:include:deps": "yarn g:turbo run build -F=\"$npm_package_name\"",
     "build:types": "tsc -p tsconfig.types.json",
     "build:types:downlevel": "downlevel-dts dist-types dist-types/ts3.4",
-    "clean": "rimraf ./dist-* && rimraf *.tsbuildinfo",
+    "clean": "premove dist-cjs dist-es dist-types tsconfig.cjs.tsbuildinfo tsconfig.es.tsbuildinfo tsconfig.types.tsbuildinfo",
     "extract:docs": "api-extractor run --local",
     "generate:client": "node ../../scripts/generate-clients/single-service --solo verifiedpermissions",
     "test:index": "tsc --noEmit ./test/index-types.ts && node ./test/index-objects.spec.mjs"
@@ -21,38 +21,38 @@
   "dependencies": {
     "@aws-crypto/sha256-browser": "5.2.0",
     "@aws-crypto/sha256-js": "5.2.0",
-    "@aws-sdk/core": "3.970.0",
-    "@aws-sdk/credential-provider-node": "3.971.0",
-    "@aws-sdk/middleware-host-header": "3.969.0",
-    "@aws-sdk/middleware-logger": "3.969.0",
-    "@aws-sdk/middleware-recursion-detection": "3.969.0",
-    "@aws-sdk/middleware-user-agent": "3.970.0",
-    "@aws-sdk/region-config-resolver": "3.969.0",
-    "@aws-sdk/types": "3.969.0",
-    "@aws-sdk/util-endpoints": "3.970.0",
-    "@aws-sdk/util-user-agent-browser": "3.969.0",
-    "@aws-sdk/util-user-agent-node": "3.971.0",
+    "@aws-sdk/core": "^3.973.0",
+    "@aws-sdk/credential-provider-node": "^3.972.1",
+    "@aws-sdk/middleware-host-header": "^3.972.1",
+    "@aws-sdk/middleware-logger": "^3.972.1",
+    "@aws-sdk/middleware-recursion-detection": "^3.972.1",
+    "@aws-sdk/middleware-user-agent": "^3.972.1",
+    "@aws-sdk/region-config-resolver": "^3.972.1",
+    "@aws-sdk/types": "^3.973.0",
+    "@aws-sdk/util-endpoints": "3.972.0",
+    "@aws-sdk/util-user-agent-browser": "^3.972.1",
+    "@aws-sdk/util-user-agent-node": "^3.972.1",
     "@smithy/config-resolver": "^4.4.6",
-    "@smithy/core": "^3.20.6",
+    "@smithy/core": "^3.21.0",
     "@smithy/fetch-http-handler": "^5.3.9",
     "@smithy/hash-node": "^4.2.8",
     "@smithy/invalid-dependency": "^4.2.8",
     "@smithy/middleware-content-length": "^4.2.8",
-    "@smithy/middleware-endpoint": "^4.4.7",
-    "@smithy/middleware-retry": "^4.4.23",
+    "@smithy/middleware-endpoint": "^4.4.10",
+    "@smithy/middleware-retry": "^4.4.26",
     "@smithy/middleware-serde": "^4.2.9",
     "@smithy/middleware-stack": "^4.2.8",
     "@smithy/node-config-provider": "^4.3.8",
     "@smithy/node-http-handler": "^4.4.8",
     "@smithy/protocol-http": "^5.3.8",
-    "@smithy/smithy-client": "^4.10.8",
+    "@smithy/smithy-client": "^4.10.11",
     "@smithy/types": "^4.12.0",
     "@smithy/url-parser": "^4.2.8",
     "@smithy/util-base64": "^4.3.0",
     "@smithy/util-body-length-browser": "^4.2.0",
     "@smithy/util-body-length-node": "^4.2.1",
-    "@smithy/util-defaults-mode-browser": "^4.3.22",
-    "@smithy/util-defaults-mode-node": "^4.2.25",
+    "@smithy/util-defaults-mode-browser": "^4.3.25",
+    "@smithy/util-defaults-mode-node": "^4.2.28",
     "@smithy/util-endpoints": "^3.2.8",
     "@smithy/util-middleware": "^4.2.8",
     "@smithy/util-retry": "^4.2.8",
@@ -64,7 +64,7 @@
     "@types/node": "^20.14.8",
     "concurrently": "7.0.0",
     "downlevel-dts": "0.10.1",
-    "rimraf": "5.0.10",
+    "premove": "4.0.0",
     "typescript": "~5.8.3"
   },
   "engines": {