
feat(s3): BucketEncryption Mixin for S3 server-side encryption #37208

Draft: mrgrain wants to merge 1 commit into main from mrgrain/feat/mixins-preview/bucket-encryption-mixin


@mrgrain commented Mar 9, 2026

Reason for this change

The mixin codegen for specialized type-based mixins was living in mixins-preview, which is being phased out. This type of codegen needs to live in spec2cdk and generate output directly into aws-cdk-lib service modules.

The first mixin generated this way is BucketEncryption for S3, which provides a type-safe way to configure server-side encryption with full KMS key relationship resolution.

Description of changes

Introduces a new type-mixins codegen system in spec2cdk that generates specialized mixins from CloudFormation type definitions. Unlike the existing cfn-prop-mixins (which generate a mixin per resource with all properties), type-mixins focus on a single complex type and generate a dedicated mixin class with nested types, enums, and relationship-resolving flatten functions.

The codegen follows the same class-based pattern as L1PropsMixin and ResourceClass — a TypeMixin base class extends ClassType with a build() method. BucketEncryptionMixin is the first concrete implementation.

The generated BucketEncryption mixin delegates property assignment to the internal CfnPropsMixin with an override merge strategy, keeping the generated code thin while reusing existing infrastructure.

An isGeneratedMixinType check was added to awslint's CoreTypes to generically skip props-default-doc for types in the mixins namespace that come from .generated.ts files with @stability external. This avoids per-property exclusions in awslint.json.

Describe any new or updated permissions being added

N/A

Description of how you validated changes

9 unit tests covering BucketEncryption mixin: supports/rejects constructs, AES256, KMS with string key, KMS with IKeyRef, bucket key enabled, L2 .with(), enum values. All pass. Full yarn build of spec2cdk, awslint, and aws-cdk-lib passes with 0 errors.

Checklist


By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license
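
The flatten-and-override behaviour described in the PR text above, as an added stand-alone model that is not the PR's generated code or the aws-cdk-lib API. The class, type and field names are hypothetical, only the CloudFormation property names are real, and the rejection of a KMS key with AES256 is an added check that the page does not describe.

```typescript
// Stand-alone model; every name below is hypothetical except the CloudFormation
// property names it mirrors (SSEAlgorithm, KMSMasterKeyID, BucketKeyEnabled).
type KeyRefLike = { keyRef: { keyArn: string } }; // stand-in for a key reference such as IKeyRef
type SseAlgorithm = 'AES256' | 'aws:kms' | 'aws:kms:dsse';

interface EncryptionRule {
  algorithm: SseAlgorithm;
  kmsKey?: string | KeyRefLike; // plain key id/ARN string, or a key reference
  bucketKeyEnabled?: boolean;
}
interface CfnRule {
  serverSideEncryptionByDefault: { sseAlgorithm: string; kmsMasterKeyId?: string };
  bucketKeyEnabled?: boolean;
}
interface CfnBucketLike {
  cfnResourceType: string;
  bucketEncryption?: { serverSideEncryptionConfiguration: CfnRule[] };
}

// "Flatten": turn the typed rule into the raw property shape, resolving a
// key reference to its ARN so callers never hand-copy ARNs.
function flattenRule(rule: EncryptionRule): CfnRule {
  if (rule.algorithm === 'AES256' && rule.kmsKey !== undefined) {
    throw new Error('AES256 (SSE-S3) does not take a KMS key'); // added check
  }
  const key = typeof rule.kmsKey === 'string' ? rule.kmsKey : rule.kmsKey?.keyRef.keyArn;
  const byDefault: CfnRule['serverSideEncryptionByDefault'] = { sseAlgorithm: rule.algorithm };
  if (key !== undefined) byDefault.kmsMasterKeyId = key;
  const out: CfnRule = { serverSideEncryptionByDefault: byDefault };
  if (rule.bucketKeyEnabled !== undefined) out.bucketKeyEnabled = rule.bucketKeyEnabled;
  return out;
}

class BucketEncryptionModel {
  private readonly rules: EncryptionRule[];
  constructor(rules: EncryptionRule[]) { this.rules = rules; }

  supports(construct: { cfnResourceType?: string }): boolean {
    return construct.cfnResourceType === 'AWS::S3::Bucket';
  }

  // Override strategy, modelled here as replacing the whole property: rules
  // already on the bucket are dropped, not appended to.
  applyTo(bucket: CfnBucketLike): void {
    if (!this.supports(bucket)) throw new Error(`unsupported: ${bucket.cfnResourceType}`);
    bucket.bucketEncryption = { serverSideEncryptionConfiguration: this.rules.map(flattenRule) };
  }
}
```
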

@github-actions bot added the p2 label Mar 9, 2026
@aws-cdk-automation requested a review from a team March 9, 2026 20:02
@mergify bot added the contribution/core label ("This is a PR that came from AWS.") Mar 9, 2026
@mergify bot temporarily deployed to automation March 9, 2026 20:02 Inactive
@mergify bot temporarily deployed to automation March 9, 2026 20:03 Inactive

@aws-cdk-automation left a comment


(This review is outdated)

@mrgrain force-pushed the mrgrain/feat/mixins-preview/bucket-encryption-mixin branch from ec73deb to 7c825c7 March 11, 2026 12:51
@mrgrain changed the title from "feat(mixins-preview): add BucketEncryption mixin for S3 server-side e…" to "feat(s3): BucketEncryption Mixin for S3 server-side encryption" Mar 11, 2026
@mrgrain force-pushed the mrgrain/feat/mixins-preview/bucket-encryption-mixin branch from 7c825c7 to e6cf199 March 11, 2026 15:35
@mrgrain force-pushed the mrgrain/feat/mixins-preview/bucket-encryption-mixin branch from e6cf199 to 1e22110 March 11, 2026 15:58
@mrgrain marked this pull request as ready for review March 11, 2026 16:01
@mrgrain added the pr-linter/exempt-integ-test label ("The PR linter will not require integ test changes") Mar 11, 2026
@mrgrain changed the title from "feat(s3): BucketEncryption Mixin for S3 server-side encryption" to "feat(s3): BucketEncryption Mixin for S3 server-side encryption" Mar 11, 2026
@aws-cdk-automation dismissed their stale review March 11, 2026 16:04

✅ Updated pull request passes all PRLinter validations. Dismissing previous PRLinter review.

@mrgrain force-pushed the mrgrain/feat/mixins-preview/bucket-encryption-mixin branch from 1e22110 to 9fe051b March 11, 2026 16:13
@aws-cdk-automation added the pr/needs-maintainer-review label ("This PR needs a review from a Core Team Member") Mar 11, 2026
@mrgrain added the pr/do-not-merge label ("This PR should not be merged at this time.") Mar 12, 2026
@aws-cdk-automation removed the pr/needs-maintainer-review label ("This PR needs a review from a Core Team Member") Mar 16, 2026
@mrgrain marked this pull request as draft March 24, 2026 16:41

Labels

contribution/core: This is a PR that came from AWS.
p2
pr/do-not-merge: This PR should not be merged at this time.
pr-linter/exempt-integ-test: The PR linter will not require integ test changes

3 participants