From c9733a6088af1142bb510804b35b852933da2490 Mon Sep 17 00:00:00 2001
From: Mitchell Valine <mitchellvaline@yahoo.com>
Date: Wed, 12 Apr 2023 14:46:55 -0700
Subject: [PATCH 1/2] chore: ignore aws-cdk-lib tests in npm package (#25086)

Add tests directories to .npmignore in aws-cdk-lib to decrease package size.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
---
 packages/aws-cdk-lib/.npmignore | 1 +
 1 file changed, 1 insertion(+)

diff --git a/packages/aws-cdk-lib/.npmignore b/packages/aws-cdk-lib/.npmignore
index f6a6ce9e1317a..39a19f1bc4c14 100644
--- a/packages/aws-cdk-lib/.npmignore
+++ b/packages/aws-cdk-lib/.npmignore
@@ -5,6 +5,7 @@
 !*.d.ts
 !*.js
 test/
+**/test/**
 
 # Coverage
 coverage

From 0480e47be1a4016df64d6669093de6d5b83be8f7 Mon Sep 17 00:00:00 2001
From: Otavio Macedo <288203+otaviomacedo@users.noreply.github.com>
Date: Wed, 12 Apr 2023 23:17:12 +0100
Subject: [PATCH 2/2] chore(s3): documented how the bucket encryption
 configuration is computed (#25079)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
---
 packages/aws-cdk-lib/aws-s3/lib/bucket.ts | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/packages/aws-cdk-lib/aws-s3/lib/bucket.ts b/packages/aws-cdk-lib/aws-s3/lib/bucket.ts
index 8106702c87e44..3283f6cb51929 100644
--- a/packages/aws-cdk-lib/aws-s3/lib/bucket.ts
+++ b/packages/aws-cdk-lib/aws-s3/lib/bucket.ts
@@ -1983,7 +1983,22 @@ export class Bucket extends BucketBase {
 
   /**
    * Set up key properties and return the Bucket encryption property from the
-   * user's configuration.
+   * user's configuration, according to the following table:
+   *
+   * | props.encryption | props.encryptionKey | props.bucketKeyEnabled | bucketEncryption (return value) | encryptionKey (return value) |
+   * |------------------|---------------------|------------------------|---------------------------------|------------------------------|
+   * | undefined        | undefined           | e                      | undefined                       | undefined                    |
+   * | UNENCRYPTED      | undefined           | false                  | undefined                       | undefined                    |
+   * | undefined        | k                   | e                      | SSE-KMS, bucketKeyEnabled = e   | k                            |
+   * | KMS              | k                   | e                      | SSE-KMS, bucketKeyEnabled = e   | k                            |
+   * | KMS              | undefined           | e                      | SSE-KMS, bucketKeyEnabled = e   | new key                      |
+   * | KMS_MANAGED      | undefined           | e                      | SSE-KMS, bucketKeyEnabled = e   | undefined                    |
+   * | S3_MANAGED       | undefined           | false                  | SSE-S3                          | undefined                    |
+   * | UNENCRYPTED      | undefined           | true                   | ERROR!                          | ERROR!                       |
+   * | UNENCRYPTED      | k                   | e                      | ERROR!                          | ERROR!                       |
+   * | KMS_MANAGED      | k                   | e                      | ERROR!                          | ERROR!                       |
+   * | S3_MANAGED       | undefined           | true                   | ERROR!                          | ERROR!                       |
+   * | S3_MANAGED       | k                   | e                      | ERROR!                          | ERROR!                       |
    */
   private parseEncryption(props: BucketProps): {
     bucketEncryption?: CfnBucket.BucketEncryptionProperty,