Skip to content

Commit

Permalink
docs(KSA): clarify mutation behvior (#1112)
Browse files Browse the repository at this point in the history
  • Loading branch information
texastony committed Dec 17, 2024
1 parent 7549f2a commit 4b2b629
Show file tree
Hide file tree
Showing 3 changed files with 32 additions and 19 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -402,8 +402,8 @@ structure InitializeMutationOutput {
}

// TODO: assert release is v1.9.0
@documentation("
Define the Mutation in terms of the terminal, or end state,
@documentation(
"Define the Mutation in terms of the terminal, or end state,
value for a particular Branch Key property.
The original value will be REPLACED with this value.
As of v1.9.0, a Mutation can either:
Expand All @@ -412,14 +412,16 @@ As of v1.9.0, a Mutation can either:
- replace both the KmsArn and the custom encryption context")
structure Mutations {
@documentation(
"ReEncrypt all Items of the Branch Key
"Optional. If not set, there will be no change to the KMS ARN.
If set, ReEncrypt all Items of the Branch Key
to be authorized by this
AWS Key Management Service Key.
A Multi-Region or Single Region AWS KMS Key are permitted,
but not aliases!")
TerminalKmsArn: String // KMS Arn validation MUST occur in Dafny
@documentation(
"ReEncrypt all Items of the Branch Key
"Optional. If not set, there will be no change to the Encryption Context.
ReEncrypt all Items of the Branch Key
to be authorized with this custom encryption context.
An empty Encryption Context is not allowed.")
TerminalEncryptionContext: aws.cryptography.keyStore#EncryptionContextString // EC non Empty MUST be validated in Dafny
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,6 @@
import java.util.Map;

/**
*
* Define the Mutation in terms of the terminal, or end state,
* value for a particular Branch Key property.
* The original value will be REPLACED with this value.
Expand All @@ -18,7 +17,8 @@
public class Mutations {

/**
* ReEncrypt all Items of the Branch Key
* Optional. If not set, there will be no change to the KMS ARN.
* If set, ReEncrypt all Items of the Branch Key
* to be authorized by this
* AWS Key Management Service Key.
* A Multi-Region or Single Region AWS KMS Key are permitted,
Expand All @@ -27,7 +27,8 @@ public class Mutations {
private final String TerminalKmsArn;

/**
* ReEncrypt all Items of the Branch Key
* Optional. If not set, there will be no change to the Encryption Context.
* ReEncrypt all Items of the Branch Key
* to be authorized with this custom encryption context.
* An empty Encryption Context is not allowed.
*/
Expand All @@ -39,7 +40,8 @@ protected Mutations(BuilderImpl builder) {
}

/**
* @return ReEncrypt all Items of the Branch Key
* @return Optional. If not set, there will be no change to the KMS ARN.
* If set, ReEncrypt all Items of the Branch Key
* to be authorized by this
* AWS Key Management Service Key.
* A Multi-Region or Single Region AWS KMS Key are permitted,
Expand All @@ -50,7 +52,8 @@ public String TerminalKmsArn() {
}

/**
* @return ReEncrypt all Items of the Branch Key
* @return Optional. If not set, there will be no change to the Encryption Context.
* ReEncrypt all Items of the Branch Key
* to be authorized with this custom encryption context.
* An empty Encryption Context is not allowed.
*/
Expand All @@ -68,7 +71,8 @@ public static Builder builder() {

public interface Builder {
/**
* @param TerminalKmsArn ReEncrypt all Items of the Branch Key
* @param TerminalKmsArn Optional. If not set, there will be no change to the KMS ARN.
* If set, ReEncrypt all Items of the Branch Key
* to be authorized by this
* AWS Key Management Service Key.
* A Multi-Region or Single Region AWS KMS Key are permitted,
Expand All @@ -77,7 +81,8 @@ public interface Builder {
Builder TerminalKmsArn(String TerminalKmsArn);

/**
* @return ReEncrypt all Items of the Branch Key
* @return Optional. If not set, there will be no change to the KMS ARN.
* If set, ReEncrypt all Items of the Branch Key
* to be authorized by this
* AWS Key Management Service Key.
* A Multi-Region or Single Region AWS KMS Key are permitted,
Expand All @@ -86,7 +91,8 @@ public interface Builder {
String TerminalKmsArn();

/**
* @param TerminalEncryptionContext ReEncrypt all Items of the Branch Key
* @param TerminalEncryptionContext Optional. If not set, there will be no change to the Encryption Context.
* ReEncrypt all Items of the Branch Key
* to be authorized with this custom encryption context.
* An empty Encryption Context is not allowed.
*/
Expand All @@ -95,7 +101,8 @@ Builder TerminalEncryptionContext(
);

/**
* @return ReEncrypt all Items of the Branch Key
* @return Optional. If not set, there will be no change to the Encryption Context.
* ReEncrypt all Items of the Branch Key
* to be authorized with this custom encryption context.
* An empty Encryption Context is not allowed.
*/
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -1121,14 +1121,18 @@ def __init__(
- replace both the KmsArn and
the custom encryption context
:param terminal_kms_arn: ReEncrypt all Items of the Branch Key
to be
authorized by this
:param terminal_kms_arn: Optional. If not set, there will be no change to the
KMS ARN.
If set, ReEncrypt all Items of the Branch Key
to be authorized by
this
AWS Key Management Service Key.
A Multi-Region or Single
Region AWS KMS Key are permitted,
A Multi-Region or Single Region AWS KMS
Key are permitted,
but not aliases!
:param terminal_encryption_context: ReEncrypt all Items of the Branch Key
:param terminal_encryption_context: Optional. If not set, there will be no
change to the Encryption Context.
ReEncrypt all Items of the Branch Key
to
be authorized with this custom encryption context.
An empty Encryption Context
Expand Down

0 comments on commit 4b2b629

Please sign in to comment.