Closed paulhcsun closed 2 weeks ago
@GavinZZ the main issue with the current usage is that it requires the user to know when it is appropriate to pass in an encryptionKey
depending on which encryptionType
they used.
i.e. passing in an encryptionKey
is only valid when the encryptionType === CUSTOMER_MANAGED_KEY
and would throw an error if the key were passed in with encryptionType
set to AWS_OWNED
or UNENCRYPTED
. This change makes it so that then the encryptionType
is AWS_OWNED
or UNENCRYPTED
the user does not have an option to pass in a key which will remove the need for that error handling and remove the need to the user to know the restrictions.
Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).
Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository
Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).
Comments on closed issues and PRs are hard for our team to see. If you need help, please open a new issue that references this one.
Reason for this change
The previous
encryption
andencryptionKey
properties required error handling to enforce when anencryptionKey
could be specified and when it was invalid (only valid when usingCUSTOMER_MANAGED_KEY
).The properties should be combined to make this user experience more straightforward and only allow a KMS key to be passed in when using a customer-managed key.
Description of changes
BREAKING CHANGE:
encryptionKey
property is removed andencryption
property type has changed from theStreamEncryption
enum to theStreamEncryption
class.To pass in a KMS key for the customer managed key case, use
StreamEncryption.customerManagedKey(key)
Details
Replaced
encryption
andencryptionKey
properties with a single propertyencryption
of typeStreamEncryption
and is used by calling one of the 3 methods:This makes it so it's not longer possible to pass in a key when the encryption type is AWS owned or unencrypted. The
key
is an optional parameter inStreamEncryption.customerManagedKey(key?: IKey)
so following the previous behaviour, if a key is provided it will be used, otherwise a key will be created for the user.Description of how you validated changes
Generated templates do not change so behaviour remains the same.
Updated integ/unit tests.
Checklist
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license