From b4122cd51d65dd0979669de1afed7477033d78ca Mon Sep 17 00:00:00 2001
From: Espen Albert <espen.albert@mongodb.com>
Date: Wed, 21 May 2025 14:01:23 +0100
Subject: [PATCH 1/4] fix: Remove stylistic linter rules from generated
 TypeScript files

---
 scripts/cdk.sh | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/scripts/cdk.sh b/scripts/cdk.sh
index 2e210a5a..552385d9 100755
--- a/scripts/cdk.sh
+++ b/scripts/cdk.sh
@@ -60,5 +60,7 @@ sed -e 's/UNDERSCORE_//g' -e 's/HYPHEN_//g' -e 's/PERIOD_//g' -e 's/VALUE_//g' "
 # Fix @typescript-eslint/no-shadow es-linter error in file federated-database-instance/index.ts
 sed -e 's/map(y => toJson_TagSet(y))/map(x => toJson_TagSet(x))/g' "${dest}" > "${dest}.tmp" && mv "${dest}.tmp" "${dest}"
 
+sed -e 's|@stylistic/max-len, ||g' -e 's|, @stylistic/quote-props||g' "${dest}" > "${dest}.tmp" && mv "${dest}.tmp" "${dest}"
+
 echo
 echo "L1 CDK resource generated succesfully: ${resource}, CFN type: ${resourceType}"

From 890fb978611bcf356625aa68223bc2b4dc0cc80a Mon Sep 17 00:00:00 2001
From: Espen Albert <espen.albert@mongodb.com>
Date: Wed, 21 May 2025 14:01:33 +0100
Subject: [PATCH 2/4] update l1 resources

---
 src/l1-resources/cluster/index.ts | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/src/l1-resources/cluster/index.ts b/src/l1-resources/cluster/index.ts
index e4b65844..a9fc63e4 100644
--- a/src/l1-resources/cluster/index.ts
+++ b/src/l1-resources/cluster/index.ts
@@ -230,6 +230,20 @@ export interface ProcessArgs {
    */
   readonly minimumEnabledTlsProtocol?: string;
 
+  /**
+   * The TLS cipher suite configuration mode. Valid values include `CUSTOM` or `DEFAULT`. The `DEFAULT` mode uses the default cipher suites. The `CUSTOM` mode allows you to specify custom cipher suites for both TLS 1.2 and TLS 1.3. To unset, this should be set back to `DEFAULT`.
+   *
+   * @schema processArgs#TlsCipherConfigMode
+   */
+  readonly tlsCipherConfigMode?: string;
+
+  /**
+   * The custom OpenSSL cipher suite list for TLS 1.2. This field is only valid when `tls_cipher_config_mode` is set to `CUSTOM`.
+   *
+   * @schema processArgs#CustomOpensslCipherConfigTls12
+   */
+  readonly customOpensslCipherConfigTls12?: string[];
+
   /**
    * Flag that indicates whether the cluster disables executing any query that requires a collection scan to return results.
    *
@@ -289,6 +303,10 @@ export function toJson_ProcessArgs(
     FailIndexKeyTooLong: obj.failIndexKeyTooLong,
     JavascriptEnabled: obj.javascriptEnabled,
     MinimumEnabledTLSProtocol: obj.minimumEnabledTlsProtocol,
+    TlsCipherConfigMode: obj.tlsCipherConfigMode,
+    CustomOpensslCipherConfigTls12: obj.customOpensslCipherConfigTls12?.map(
+      (y) => y
+    ),
     NoTableScan: obj.noTableScan,
     OplogSizeMB: obj.oplogSizeMb,
     SampleSizeBIConnector: obj.sampleSizeBiConnector,

From 32209065c4a77c44d8cfb9c82551a487e26ae90f Mon Sep 17 00:00:00 2001
From: Espen Albert <espen.albert@mongodb.com>
Date: Wed, 21 May 2025 14:12:14 +0100
Subject: [PATCH 3/4] chore: regenerate API.md

---
 API.md | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)

diff --git a/API.md b/API.md
index 3be628ac..8016d75a 100644
--- a/API.md
+++ b/API.md
@@ -45045,6 +45045,7 @@ const processArgs: ProcessArgs = { ... }
 
 | **Name** | **Type** | **Description** |
 | --- | --- | --- |
+| <code><a href="#awscdk-resources-mongodbatlas.ProcessArgs.property.customOpensslCipherConfigTls12">customOpensslCipherConfigTls12</a></code> | <code>string[]</code> | The custom OpenSSL cipher suite list for TLS 1.2. This field is only valid when `tls_cipher_config_mode` is set to `CUSTOM`. |
 | <code><a href="#awscdk-resources-mongodbatlas.ProcessArgs.property.defaultReadConcern">defaultReadConcern</a></code> | <code>string</code> | Default level of acknowledgment requested from MongoDB for read operations set for this cluster. |
 | <code><a href="#awscdk-resources-mongodbatlas.ProcessArgs.property.defaultWriteConcern">defaultWriteConcern</a></code> | <code>string</code> | Default level of acknowledgment requested from MongoDB for write operations set for this cluster. |
 | <code><a href="#awscdk-resources-mongodbatlas.ProcessArgs.property.failIndexKeyTooLong">failIndexKeyTooLong</a></code> | <code>boolean</code> | Flag that indicates whether you can insert or update documents where all indexed entries don't exceed 1024 bytes. |
@@ -45055,10 +45056,23 @@ const processArgs: ProcessArgs = { ... }
 | <code><a href="#awscdk-resources-mongodbatlas.ProcessArgs.property.oplogSizeMb">oplogSizeMb</a></code> | <code>number</code> | Storage limit of cluster's oplog expressed in megabytes. |
 | <code><a href="#awscdk-resources-mongodbatlas.ProcessArgs.property.sampleRefreshIntervalBiConnector">sampleRefreshIntervalBiConnector</a></code> | <code>number</code> | Number of documents per database to sample when gathering schema information. |
 | <code><a href="#awscdk-resources-mongodbatlas.ProcessArgs.property.sampleSizeBiConnector">sampleSizeBiConnector</a></code> | <code>number</code> | Interval in seconds at which the mongosqld process re-samples data to create its relational schema. |
+| <code><a href="#awscdk-resources-mongodbatlas.ProcessArgs.property.tlsCipherConfigMode">tlsCipherConfigMode</a></code> | <code>string</code> | The TLS cipher suite configuration mode. |
 | <code><a href="#awscdk-resources-mongodbatlas.ProcessArgs.property.transactionLifetimeLimitSeconds">transactionLifetimeLimitSeconds</a></code> | <code>number</code> | Lifetime, in seconds, of multi-document transactions. |
 
 ---
 
+##### `customOpensslCipherConfigTls12`<sup>Optional</sup> <a name="customOpensslCipherConfigTls12" id="awscdk-resources-mongodbatlas.ProcessArgs.property.customOpensslCipherConfigTls12"></a>
+
+```typescript
+public readonly customOpensslCipherConfigTls12: string[];
+```
+
+- *Type:* string[]
+
+The custom OpenSSL cipher suite list for TLS 1.2. This field is only valid when `tls_cipher_config_mode` is set to `CUSTOM`.
+
+---
+
 ##### `defaultReadConcern`<sup>Optional</sup> <a name="defaultReadConcern" id="awscdk-resources-mongodbatlas.ProcessArgs.property.defaultReadConcern"></a>
 
 ```typescript
@@ -45187,6 +45201,20 @@ Interval in seconds at which the mongosqld process re-samples data to create its
 
 ---
 
+##### `tlsCipherConfigMode`<sup>Optional</sup> <a name="tlsCipherConfigMode" id="awscdk-resources-mongodbatlas.ProcessArgs.property.tlsCipherConfigMode"></a>
+
+```typescript
+public readonly tlsCipherConfigMode: string;
+```
+
+- *Type:* string
+
+The TLS cipher suite configuration mode.
+
+Valid values include `CUSTOM` or `DEFAULT`. The `DEFAULT` mode uses the default cipher suites. The `CUSTOM` mode allows you to specify custom cipher suites for both TLS 1.2 and TLS 1.3. To unset, this should be set back to `DEFAULT`.
+
+---
+
 ##### `transactionLifetimeLimitSeconds`<sup>Optional</sup> <a name="transactionLifetimeLimitSeconds" id="awscdk-resources-mongodbatlas.ProcessArgs.property.transactionLifetimeLimitSeconds"></a>
 
 ```typescript

From baad3719abfd4a73de47577fdfcf28f3e812d5ea Mon Sep 17 00:00:00 2001
From: Espen Albert <espen.albert@mongodb.com>
Date: Wed, 21 May 2025 17:23:14 +0100
Subject: [PATCH 4/4] address PR comment

---
 scripts/cdk.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/scripts/cdk.sh b/scripts/cdk.sh
index 552385d9..9c04dfd6 100755
--- a/scripts/cdk.sh
+++ b/scripts/cdk.sh
@@ -60,6 +60,7 @@ sed -e 's/UNDERSCORE_//g' -e 's/HYPHEN_//g' -e 's/PERIOD_//g' -e 's/VALUE_//g' "
 # Fix @typescript-eslint/no-shadow es-linter error in file federated-database-instance/index.ts
 sed -e 's/map(y => toJson_TagSet(y))/map(x => toJson_TagSet(x))/g' "${dest}" > "${dest}.tmp" && mv "${dest}.tmp" "${dest}"
 
+# Fix errors like `Definition for rule '@stylistic/max-len' was not found      @stylistic/max-len` until eslint 9 is supported by projen: https://github.com/projen/projen/issues/3240
 sed -e 's|@stylistic/max-len, ||g' -e 's|, @stylistic/quote-props||g' "${dest}" > "${dest}.tmp" && mv "${dest}.tmp" "${dest}"
 
 echo