
Client Encryption: Adds integration with latest CosmosDb Preview Package 3.19.0-preview #2433

Merged
merged 5 commits into from
Apr 29, 2021
2 changes: 1 addition & 1 deletion Directory.Build.props
Expand Up @@ -5,7 +5,7 @@
<ClientPreviewVersion>3.19.0</ClientPreviewVersion>
<ClientPreviewSuffixVersion>preview</ClientPreviewSuffixVersion>
<DirectVersion>3.19.1</DirectVersion>
<EncryptionVersion>1.0.0-previewV13</EncryptionVersion>
<EncryptionVersion>1.0.0-previewV14</EncryptionVersion>
<HybridRowVersion>1.1.0-preview3</HybridRowVersion>
<AboveDirBuildProps>$([MSBuild]::GetPathOfFileAbove('Directory.Build.props', '$(MSBuildThisFileDirectory)../'))</AboveDirBuildProps>
<DefineConstants Condition=" '$(IsNightly)' == 'true' or '$(IsPreview)' == 'true' ">$(DefineConstants);PREVIEW</DefineConstants>
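--- a/Microsoft.Azure.Cosmos.Encryption/changelog.md
+++ b/Microsoft.Azure.Cosmos.Encryption/changelog.md
@@ -3,6 +3,11 @@ Preview features are treated as a separate branch and will not be included in th
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+### <a name="1.0.0-previewV14"/> [1.0.0-previewV14](https://www.nuget.org/packages/Microsoft.Azure.Cosmos.Encryption/1.0.0-previewV14) - 2021-04-28
+
+#### Added
+- [#2433](https://github.com/Azure/azure-cosmos-dotnet-v3/pull/2433) Adds integration with latest CosmosDb Preview Package - 3.19.0-preview.
+
 ### <a name="1.0.0-previewV13"/> [1.0.0-previewV13](https://www.nuget.org/packages/Microsoft.Azure.Cosmos.Encryption/1.0.0-previewV13) - 2021-03-26
 
 #### Added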
Expand Up @@ -926,5 +926,49 @@ public override Task<ResponseMessage> PatchItemStreamAsync(
{
throw new NotImplementedException();
}

public override Task<ResponseMessage> ReadManyItemsStreamAsync(
IReadOnlyList<(string id, PartitionKey partitionKey)> items,
ReadManyRequestOptions readManyRequestOptions = null,
CancellationToken cancellationToken = default)
{
throw new NotImplementedException();
}

public override Task<FeedResponse<T>> ReadManyItemsAsync<T>(
IReadOnlyList<(string id, PartitionKey partitionKey)> items,
ReadManyRequestOptions readManyRequestOptions = null,
CancellationToken cancellationToken = default)
{
throw new NotImplementedException();
}

public override ChangeFeedProcessorBuilder GetChangeFeedProcessorBuilder<T>(
string processorName,
ChangeFeedHandler<T> onChangesDelegate)
{
throw new NotImplementedException();
}

public override ChangeFeedProcessorBuilder GetChangeFeedProcessorBuilderWithManualCheckpoint<T>(
string processorName,
ChangeFeedHandlerWithManualCheckpoint<T> onChangesDelegate)
{
throw new NotImplementedException();
}

public override ChangeFeedProcessorBuilder GetChangeFeedProcessorBuilder(
string processorName,
ChangeFeedStreamHandler onChangesDelegate)
{
throw new NotImplementedException();
}

public override ChangeFeedProcessorBuilder GetChangeFeedProcessorBuilderWithManualCheckpoint(
string processorName,
ChangeFeedStreamHandlerWithManualCheckpoint onChangesDelegate)
{
throw new NotImplementedException();
}
}
}
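Review bot: The six new overrides (`ReadManyItemsStreamAsync`, `ReadManyItemsAsync<T>` and the four `GetChangeFeedProcessorBuilder*` overloads) throw a bare `NotImplementedException` with no message or comment, so nothing records that refusing these calls is deliberate. If this class is the encrypting container wrapper (the section's file name is not shown on the page), failing closed is the safe behaviour, because delegating to the inner container would presumably return documents that were never decrypted; a maintainer who later "completes" the stubs by forwarding the call would lose that property without noticing. I would add a comment on each stub such as `// Not supported: forwarding to the inner container would bypass decryption.` and give the exception a message naming the operation, or throw `NotSupportedException` if callers do not depend on the current type. The same stubs are added in Microsoft.Azure.Cosmos.Encryption/src/EncryptionContainer.cs, and the `PatchItemStreamAsync` body visible as hunk context follows the same pattern.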
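--- a/Microsoft.Azure.Cosmos.Encryption/src/EncryptionContainer.cs
+++ b/Microsoft.Azure.Cosmos.Encryption/src/EncryptionContainer.cs
@@ -8,6 +8,7 @@ namespace Microsoft.Azure.Cosmos.Encryption
 using System.Collections.Generic;
 using System.IO;
 using System.Linq;
+using System.Runtime.CompilerServices;
 using System.Threading;
 using System.Threading.Tasks;
 using Microsoft.Azure.Cosmos;
@@ -780,5 +781,49 @@ public override Task<ResponseMessage> PatchItemStreamAsync(
 {
 throw new NotImplementedException();
 }
+
+public override Task<ResponseMessage> ReadManyItemsStreamAsync(
+IReadOnlyList<(string id, PartitionKey partitionKey)> items,
+ReadManyRequestOptions readManyRequestOptions = null,
+CancellationToken cancellationToken = default)
+{
+throw new NotImplementedException();
+}
+
+public override Task<FeedResponse<T>> ReadManyItemsAsync<T>(
+IReadOnlyList<(string id, PartitionKey partitionKey)> items,
+ReadManyRequestOptions readManyRequestOptions = null,
+CancellationToken cancellationToken = default)
+{
+throw new NotImplementedException();
+}
+
+public override ChangeFeedProcessorBuilder GetChangeFeedProcessorBuilder<T>(
+string processorName,
+ChangeFeedHandler<T> onChangesDelegate)
+{
+throw new NotImplementedException();
+}
+
+public override ChangeFeedProcessorBuilder GetChangeFeedProcessorBuilderWithManualCheckpoint<T>(
+string processorName,
+ChangeFeedHandlerWithManualCheckpoint<T> onChangesDelegate)
+{
+throw new NotImplementedException();
+}
+
+public override ChangeFeedProcessorBuilder GetChangeFeedProcessorBuilder(
+string processorName,
+ChangeFeedStreamHandler onChangesDelegate)
+{
+throw new NotImplementedException();
+}
+
+public override ChangeFeedProcessorBuilder GetChangeFeedProcessorBuilderWithManualCheckpoint(
+string processorName,
+ChangeFeedStreamHandlerWithManualCheckpoint onChangesDelegate)
+{
+throw new NotImplementedException();
+}
 }
 }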
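Review bot: `using System.Runtime.CompilerServices;` in the first hunk looks unused: this file's 45 additions are that directive plus the six stub overrides, and none of the stubs references a type from that namespace. Unless code outside the visible hunks needs it, I would drop the line so the import list reflects what the file actually depends on.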
Expand Up @@ -25,7 +25,7 @@
</ItemGroup>

<ItemGroup>
<PackageReference Include="Microsoft.Azure.Cosmos" Version="3.18.0-preview" />
<PackageReference Include="Microsoft.Azure.Cosmos" Version="3.19.0-preview" />
<PackageReference Include="Azure.Core" Version="1.3.0" />
<PackageReference Include="Azure.Identity" Version="1.1.1" />
<PackageReference Include="Microsoft.Data.Encryption.Cryptography" Version="0.2.0-pre" />
Expand Up @@ -25,8 +25,8 @@ namespace Microsoft.Azure.Cosmos.Encryption.EmulatorTests
[TestClass]
public class MdeEncryptionTests
{
private static readonly EncryptionKeyWrapMetadata metadata1 = new EncryptionKeyWrapMetadata("key1", "tempmetadata1");
private static readonly EncryptionKeyWrapMetadata metadata2 = new EncryptionKeyWrapMetadata("key2", "tempmetadata2");
private static readonly EncryptionKeyWrapMetadata metadata1 = new EncryptionKeyWrapMetadata("custom", "key1", "tempmetadata1");
private static readonly EncryptionKeyWrapMetadata metadata2 = new EncryptionKeyWrapMetadata("custom", "key2", "tempmetadata2");

private static CosmosClient client;
private static CosmosClient encryptionCosmosClient;
Expand Down Expand Up @@ -233,17 +233,17 @@ public async Task EncryptionBulkCrud()
public async Task EncryptionCreateClientEncryptionKey()
{
string cekId = "anotherCek";
EncryptionKeyWrapMetadata metadata1 = new EncryptionKeyWrapMetadata(cekId, "testmetadata1");
EncryptionKeyWrapMetadata metadata1 = new EncryptionKeyWrapMetadata("custom", cekId, "testmetadata1");
ClientEncryptionKeyProperties clientEncryptionKeyProperties = await MdeEncryptionTests.CreateClientEncryptionKeyAsync(
cekId,
metadata1);

Assert.AreEqual(
new EncryptionKeyWrapMetadata(name: cekId, value: metadata1.Value),
new EncryptionKeyWrapMetadata("custom", name: cekId, value: metadata1.Value),
clientEncryptionKeyProperties.EncryptionKeyWrapMetadata);

// creating another key with same id should fail
metadata1 = new EncryptionKeyWrapMetadata(cekId, "testmetadata2");
metadata1 = new EncryptionKeyWrapMetadata("custom", cekId, "testmetadata2");

try
{
Expand All @@ -264,22 +264,22 @@ await MdeEncryptionTests.CreateClientEncryptionKeyAsync(
public async Task EncryptionRewrapClientEncryptionKey()
{
string cekId = "rewrapkeytest";
EncryptionKeyWrapMetadata metadata1 = new EncryptionKeyWrapMetadata(cekId, "testmetadata1");
EncryptionKeyWrapMetadata metadata1 = new EncryptionKeyWrapMetadata("custom", cekId, "testmetadata1");
ClientEncryptionKeyProperties clientEncryptionKeyProperties = await MdeEncryptionTests.CreateClientEncryptionKeyAsync(
cekId,
metadata1);

Assert.AreEqual(
new EncryptionKeyWrapMetadata(name: cekId, value: metadata1.Value),
new EncryptionKeyWrapMetadata("custom", name: cekId, value: metadata1.Value),
clientEncryptionKeyProperties.EncryptionKeyWrapMetadata);

EncryptionKeyWrapMetadata updatedMetaData = new EncryptionKeyWrapMetadata(cekId, metadata1 + "updatedmetadata");
EncryptionKeyWrapMetadata updatedMetaData = new EncryptionKeyWrapMetadata("custom", cekId, metadata1 + "updatedmetadata");
clientEncryptionKeyProperties = await MdeEncryptionTests.RewarpClientEncryptionKeyAsync(
cekId,
updatedMetaData);

Assert.AreEqual(
new EncryptionKeyWrapMetadata(name: cekId, value: updatedMetaData.Value),
new EncryptionKeyWrapMetadata("custom", name: cekId, value: updatedMetaData.Value),
abhijitpai marked this conversation as resolved.
clientEncryptionKeyProperties.EncryptionKeyWrapMetadata);

}
Expand Down Expand Up @@ -339,7 +339,7 @@ public async Task EncryptionResourceTokenAuthRestricted()
try
{
string cekId = "testingcekID";
EncryptionKeyWrapMetadata metadata1 = new EncryptionKeyWrapMetadata(cekId, "testmetadata1");
EncryptionKeyWrapMetadata metadata1 = new EncryptionKeyWrapMetadata("custom", cekId, "testmetadata1");

ClientEncryptionKeyResponse clientEncrytionKeyResponse = await databaseForRestrictedUser.CreateClientEncryptionKeyAsync(
cekId,
Expand All @@ -354,7 +354,7 @@ public async Task EncryptionResourceTokenAuthRestricted()
try
{
string cekId = "testingcekID";
EncryptionKeyWrapMetadata metadata1 = new EncryptionKeyWrapMetadata(cekId, "testmetadata1" + "updated");
EncryptionKeyWrapMetadata metadata1 = new EncryptionKeyWrapMetadata("custom", cekId, "testmetadata1" + "updated");

ClientEncryptionKeyResponse clientEncrytionKeyResponse = await databaseForRestrictedUser.RewrapClientEncryptionKeyAsync(
cekId,
Expand Down Expand Up @@ -814,7 +814,7 @@ public async Task VerifyKekRevokeHandling()
// Once a Dek gets cached and the Kek is revoked, calls to unwrap/wrap keys would fail since KEK is revoked.
// The Dek should be rewrapped if the KEK is revoked.
// When an access to KeyVault fails, the Dek is fetched from the backend(force refresh to update the stale DEK) and cache is updated.
EncryptionKeyWrapMetadata revokedKekmetadata = new EncryptionKeyWrapMetadata("revokedKek", "revokedKek-metadata");
EncryptionKeyWrapMetadata revokedKekmetadata = new EncryptionKeyWrapMetadata("custom", "revokedKek", "revokedKek-metadata");

await database.CreateClientEncryptionKeyAsync(
"keywithRevokedKek",
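Review bot: In `EncryptionRewrapClientEncryptionKey` the updated metadata is still built as `new EncryptionKeyWrapMetadata("custom", cekId, metadata1 + "updatedmetadata")`, which concatenates the `metadata1` object rather than its value, so the stored string is whatever `ToString()` returns for that type. The assertion passes regardless because it compares against `updatedMetaData.Value`, but the intent is almost certainly `metadata1.Value + "updatedmetadata"`. The new type argument `"custom"` is also repeated as a literal at every call site in this section; a single `private const string` in the test class would keep the calls in step if the value changes.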