-
Notifications
You must be signed in to change notification settings - Fork 3.9k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
chore(kinesisfirehose-alpha): refactor encryption property to combine…
… encryptionKey (#31430) ### Reason for this change The previous `encryption` and `encryptionKey` properties required error handling to enforce when an `encryptionKey` could be specified and when it was invalid (only valid when using `CUSTOMER_MANAGED_KEY`). The properties should be combined to make this user experience more straightforward and only allow a KMS key to be passed in when using a customer-managed key. ### Description of changes BREAKING CHANGE: `encryptionKey` property is removed and `encryption` property type has changed from the `StreamEncryption` enum to the `StreamEncryption` class. To pass in a KMS key for the customer managed key case, use `StreamEncryption.customerManagedKey(key)` #### Details Replaced `encryption` and `encryptionKey` properties with a single property `encryption` of type `StreamEncryption` and is used by calling one of the 3 methods: ```ts SreamEncryption.unencrypted() StreamEncryption.awsOwnedKey() StreamEncryption.customerManagedKey(key?: IKey) ``` This makes it so it's not longer possible to pass in a key when the encryption type is AWS owned or unencrypted. The `key` is an optional parameter in `StreamEncryption.customerManagedKey(key?: IKey)` so following the previous behaviour, if a key is provided it will be used, otherwise a key will be created for the user. ### Description of how you validated changes Generated templates do not change so behaviour remains the same. Updated integ/unit tests. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
- Loading branch information
Showing
6 changed files
with
67 additions
and
50 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
44 changes: 44 additions & 0 deletions
44
packages/@aws-cdk/aws-kinesisfirehose-alpha/lib/encryption.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,44 @@ | ||
import { StreamEncryptionType } from './delivery-stream'; | ||
import { IKey } from 'aws-cdk-lib/aws-kms'; | ||
|
||
/** | ||
* Represents server-side encryption for a Kinesis Firehose Delivery Stream. | ||
*/ | ||
export abstract class StreamEncryption { | ||
/** | ||
* No server-side encryption is configured. | ||
*/ | ||
public static unencrypted(): StreamEncryption { | ||
return new (class extends StreamEncryption { | ||
}) (StreamEncryptionType.UNENCRYPTED); | ||
} | ||
|
||
/** | ||
* Configure server-side encryption using an AWS owned key. | ||
*/ | ||
public static awsOwnedKey(): StreamEncryption { | ||
return new (class extends StreamEncryption { | ||
}) (StreamEncryptionType.AWS_OWNED); | ||
} | ||
|
||
/** | ||
* Configure server-side encryption using customer managed keys. | ||
* | ||
* @param encryptionKey the KMS key for the delivery stream. | ||
*/ | ||
public static customerManagedKey(encryptionKey?: IKey): StreamEncryption { | ||
return new (class extends StreamEncryption { | ||
|
||
}) (StreamEncryptionType.CUSTOMER_MANAGED, encryptionKey); | ||
} | ||
|
||
/** | ||
* Constructor for StreamEncryption. | ||
* | ||
* @param type The type of server-side encryption for the Kinesis Firehose delivery stream. | ||
* @param encryptionKey Optional KMS key used for customer managed encryption. | ||
*/ | ||
private constructor ( | ||
public readonly type: StreamEncryptionType, | ||
public readonly encryptionKey?: IKey) {} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters