

Client Encryption: Adds code to fix breaking changes introduced in pu…
…blic surface client encryption policy APIs (#3266)

* Support PK and Id encryption. Bump up policy format version.

* Update DotNetSDKAPI.json

* Update CosmosContainerTests.cs

* fixes as per review comments. Added float pk constructor.

* Update ClientEncryptionPolicy.cs

* fixed exception message.

* Update ClientEncryptionPolicy.cs

* fixes, policy format in client encryption policy definition.

* get raw partition key values from partition key list.

* Update CosmosContainerTests.cs

* Fixes as per review request.

* fixed contracts.

* Fixes as per review comments.

* Fixed breaking changes for minor version release.

* Fixed description

* updated description.

* Update ClientEncryptionPolicy.cs

* Update ClientEncryptionPolicy.cs
kr-santosh authored Jun 14, 2022
1 parent 4875e45 commit 0191140
Showing 6 changed files with 72 additions and 33 deletions.
Expand Up @@ -77,7 +77,10 @@ public ClientEncryptionPolicyDefinition WithIncludedPath(ClientEncryptionInclude
/// <returns>An instance of the parent.</returns>
public ContainerBuilder Attach()
{
this.attachCallback(new ClientEncryptionPolicy(this.clientEncryptionIncludedPaths, this.policyFormatVersion));
this.attachCallback(new ClientEncryptionPolicy(
includedPaths: this.clientEncryptionIncludedPaths,
policyFormatVersion: this.policyFormatVersion));

return this.parent;
}
}
18 changes: 16 additions & 2 deletions Microsoft.Azure.Cosmos/src/Fluent/Settings/ContainerBuilder.cs
Expand Up @@ -87,12 +87,26 @@ ChangeFeedPolicyDefinition WithChangeFeedPolicy(TimeSpan retention)
(changeFeedPolicy) => this.AddChangeFeedPolicy(changeFeedPolicy));
}

/// <summary>
/// Defines the <see cref="ClientEncryptionPolicy"/> for Azure Cosmos container.
/// The <see cref="ClientEncryptionPolicy.PolicyFormatVersion"/> will be set to 1.
/// Note: If you need to include partition key or id field paths as part of <see cref="ClientEncryptionPolicy"/>, please set <see cref="ClientEncryptionPolicy.PolicyFormatVersion"/> to 2.
/// </summary>
/// <returns>An instance of <see cref="ClientEncryptionPolicyDefinition"/>.</returns>
public ClientEncryptionPolicyDefinition WithClientEncryptionPolicy()
{
return new ClientEncryptionPolicyDefinition(
this,
(clientEncryptionPolicy) => this.AddClientEncryptionPolicy(clientEncryptionPolicy), 1);
}

/// <summary>
/// Defines the ClientEncryptionPolicy for Azure Cosmos container
/// Note: If you need to include partition key or id field paths as part of <see cref="ClientEncryptionPolicy"/>, please set <see cref="ClientEncryptionPolicy.PolicyFormatVersion"/> to 2.
/// </summary>
/// <param name="policyFormatVersion">Version of the client encryption policy definition. Current supported versions are 1 and 2. Default version is 1.</param>
/// <param name="policyFormatVersion">Version of the client encryption policy definition. Current supported versions are 1 and 2.</param>
/// <returns>An instance of <see cref="ClientEncryptionPolicyDefinition"/>.</returns>
public ClientEncryptionPolicyDefinition WithClientEncryptionPolicy(int policyFormatVersion = 1)
public ClientEncryptionPolicyDefinition WithClientEncryptionPolicy(int policyFormatVersion)
{
return new ClientEncryptionPolicyDefinition(
this,
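Review bot: The new parameterless `WithClientEncryptionPolicy()` duplicates the body of the `int` overload and passes the format version as a bare positional `1`, so the two construction paths can drift apart and the literal is easy to misread. Delegating keeps one path and matches the named-argument style used elsewhere in this commit: `return this.WithClientEncryptionPolicy(policyFormatVersion: 1);`. Neither overload checks the version itself; judging by the other files in this commit, the range check appears to run only when `Attach()` constructs the `ClientEncryptionPolicy`, which is worth confirming against `ClientEncryptionPolicyDefinition` if an unsupported version should fail at the call site. The `int` overload's body continues outside the hunk.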
Expand Up @@ -51,10 +51,22 @@ public sealed class ClientEncryptionPolicy
{
/// <summary>
/// Initializes a new instance of the <see cref="ClientEncryptionPolicy"/> class.
/// The <see cref="PolicyFormatVersion"/> will be set to 1.
/// Note: If you need to include partition key or id field paths as part of <see cref="ClientEncryptionPolicy"/>, please set <see cref="PolicyFormatVersion"/> to 2.
/// </summary>
/// <param name="includedPaths">List of paths to include in the policy definition.</param>
public ClientEncryptionPolicy(IEnumerable<ClientEncryptionIncludedPath> includedPaths)
: this(includedPaths: includedPaths, policyFormatVersion: 1)
{
}

/// <summary>
/// Initializes a new instance of the <see cref="ClientEncryptionPolicy"/> class.
/// Note: If you need to include partition key or id field paths as part of <see cref="ClientEncryptionPolicy"/>, please set <see cref="PolicyFormatVersion"/> to 2.
/// </summary>
/// <param name="includedPaths">List of paths to include in the policy definition.</param>
/// <param name="policyFormatVersion"> Version of the client encryption policy definition. Current supported versions are 1 and 2. Default version is 1. </param>
public ClientEncryptionPolicy(IEnumerable<ClientEncryptionIncludedPath> includedPaths, int policyFormatVersion = 1)
/// <param name="policyFormatVersion"> Version of the client encryption policy definition. Current supported versions are 1 and 2.</param>
public ClientEncryptionPolicy(IEnumerable<ClientEncryptionIncludedPath> includedPaths, int policyFormatVersion)
{
this.PolicyFormatVersion = (policyFormatVersion > 2 || policyFormatVersion < 1) ? throw new ArgumentException($"Supported versions of client encryption policy are 1 and 2. ") : policyFormatVersion;
ClientEncryptionPolicy.ValidateIncludedPaths(includedPaths, policyFormatVersion);
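Review bot: The range check on `policyFormatVersion` throws an `ArgumentException` with no parameter name and an interpolated string that interpolates nothing, so a caller who passes an unsupported version is not told which argument or value was rejected. Consider `throw new ArgumentException($"Supported versions of client encryption policy are 1 and 2. Received: {policyFormatVersion}.", nameof(policyFormatVersion))`; keeping the exception type avoids another breaking change, though any test that matches the message text would need checking. The doc comment on the new one-argument constructor could also say what happens when a partition key or id path is supplied under version 1, presumably a rejection by `ValidateIncludedPaths`, which is not visible here. The constructor body continues outside the hunk.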
Expand Up @@ -1591,7 +1591,7 @@ public async Task ClientEncryptionPolicyFailureTest()
{
Id = containerName,
PartitionKey = new Documents.PartitionKeyDefinition() { Paths = new Collection<string> { partitionKeyPath }, Kind = Documents.PartitionKind.Hash },
ClientEncryptionPolicy = new ClientEncryptionPolicy(pathsToEncryptWithPartitionKey, 2)
ClientEncryptionPolicy = new ClientEncryptionPolicy(includedPaths: pathsToEncryptWithPartitionKey, policyFormatVersion: 2)
};

await this.cosmosDatabase.CreateContainerAsync(setting);
Expand Down Expand Up @@ -1626,7 +1626,7 @@ public async Task ClientEncryptionPolicyFailureTest()
{
Id = containerName,
PartitionKey = new Documents.PartitionKeyDefinition() { Paths = new Collection<string> { partitionKeyPath }, Kind = Documents.PartitionKind.Hash },
ClientEncryptionPolicy = new ClientEncryptionPolicy(pathsToEncryptWithPartitionKey, 2)
ClientEncryptionPolicy = new ClientEncryptionPolicy(includedPaths: pathsToEncryptWithPartitionKey, policyFormatVersion: 2)
};

await this.cosmosDatabase.CreateContainerAsync(setting);
Expand Down Expand Up @@ -1712,7 +1712,7 @@ public async Task ClientEncryptionPolicyFailureTest()
{
Id = containerName,
PartitionKeyPaths = new Collection<string> { "/path1", "/id" },
ClientEncryptionPolicy = new ClientEncryptionPolicy(pathsToEncryptWithPartitionKey, 2)
ClientEncryptionPolicy = new ClientEncryptionPolicy(includedPaths: pathsToEncryptWithPartitionKey, policyFormatVersion: 2)
};

await this.cosmosDatabase.CreateContainerAsync(setting);
Expand Down Expand Up @@ -1741,7 +1741,7 @@ public async Task ClientEncryptionPolicyFailureTest()
{
Id = containerName,
PartitionKeyPaths = new Collection<string> { partitionKeyPath, "/path1" },
ClientEncryptionPolicy = new ClientEncryptionPolicy(pathsToEncryptWithPartitionKey, 2)
ClientEncryptionPolicy = new ClientEncryptionPolicy(includedPaths: pathsToEncryptWithPartitionKey, policyFormatVersion: 2)
};

await this.cosmosDatabase.CreateContainerAsync(setting);
Expand Up @@ -622,9 +622,9 @@ public async Task WithClientEncryptionPolicyTest()

ContainerResponse containerResponse = await this.database.DefineContainer(containerName, partitionKeyPath)
.WithClientEncryptionPolicy(policyFormatVersion:2)
.WithIncludedPath(path1)
.WithIncludedPath(path2)
.Attach()
.WithIncludedPath(path1)
.WithIncludedPath(path2)
.Attach()
.CreateAsync();

Assert.AreEqual(HttpStatusCode.Created, containerResponse.StatusCode);
Expand Down Expand Up @@ -663,9 +663,9 @@ public async Task WithClientEncryptionPolicyTest()

containerResponse = await this.database.DefineContainer(containerName, partitionKeyPath)
.WithClientEncryptionPolicy()
.WithIncludedPath(path1)
.WithIncludedPath(path2)
.Attach()
.WithIncludedPath(path1)
.WithIncludedPath(path2)
.Attach()
.CreateAsync();

Assert.AreEqual(HttpStatusCode.Created, containerResponse.StatusCode);
Expand Down Expand Up @@ -715,8 +715,8 @@ public async Task WithClientEncryptionPolicyFailureTest()
{
ContainerResponse containerResponse = await this.database.DefineContainer(containerName, partitionKeyPath)
.WithClientEncryptionPolicy()
.WithIncludedPath(path1)
.Attach()
.WithIncludedPath(path1)
.Attach()
.CreateAsync();

Assert.Fail("CreateCollection with invalid ClientEncryptionPolicy should have failed.");
Expand All @@ -733,8 +733,8 @@ public async Task WithClientEncryptionPolicyFailureTest()
{
ContainerResponse containerResponse = await this.database.DefineContainer(containerName, partitionKeyPath)
.WithClientEncryptionPolicy()
.WithIncludedPath(path1)
.Attach()
.WithIncludedPath(path1)
.Attach()
.CreateAsync();

Assert.Fail("CreateCollection with invalid ClientEncryptionPolicy should have failed.");
Expand All @@ -751,8 +751,8 @@ public async Task WithClientEncryptionPolicyFailureTest()
{
ContainerResponse containerResponse = await this.database.DefineContainer(containerName, partitionKeyPath)
.WithClientEncryptionPolicy()
.WithIncludedPath(path1)
.Attach()
.WithIncludedPath(path1)
.Attach()
.CreateAsync();

Assert.Fail("CreateCollection with invalid ClientEncryptionPolicy should have failed.");
Expand All @@ -769,8 +769,8 @@ public async Task WithClientEncryptionPolicyFailureTest()
{
ContainerResponse containerResponse = await this.database.DefineContainer(containerName, partitionKeyPath)
.WithClientEncryptionPolicy()
.WithIncludedPath(path1)
.Attach()
.WithIncludedPath(path1)
.Attach()
.CreateAsync();

Assert.Fail("CreateCollection with invalid ClientEncryptionPolicy should have failed.");
Expand All @@ -787,8 +787,8 @@ public async Task WithClientEncryptionPolicyFailureTest()
{
ContainerResponse containerResponse = await this.database.DefineContainer(containerName, partitionKeyPath)
.WithClientEncryptionPolicy()
.WithIncludedPath(path1)
.Attach()
.WithIncludedPath(path1)
.Attach()
.CreateAsync();

Assert.Fail("CreateCollection with invalid ClientEncryptionPolicy should have failed.");
Expand All @@ -804,8 +804,8 @@ public async Task WithClientEncryptionPolicyFailureTest()
{
ContainerResponse containerResponse = await this.database.DefineContainer(containerName, partitionKeyPath)
.WithClientEncryptionPolicy()
.WithIncludedPath(path1)
.Attach()
.WithIncludedPath(path1)
.Attach()
.CreateAsync();

Assert.Fail("CreateCollection with invalid ClientEncryptionPolicy should have failed.");
Expand All @@ -821,9 +821,9 @@ public async Task WithClientEncryptionPolicyFailureTest()
try
{
ContainerResponse containerResponse = await this.database.DefineContainer(containerName, partitionKeyPath)
.WithClientEncryptionPolicy(2)
.WithIncludedPath(path1)
.Attach()
.WithClientEncryptionPolicy(policyFormatVersion:2)
.WithIncludedPath(path1)
.Attach()
.CreateAsync();

Assert.Fail("CreateCollection with invalid ClientEncryptionPolicy should have failed.");
Expand All @@ -838,9 +838,9 @@ public async Task WithClientEncryptionPolicyFailureTest()
try
{
ContainerResponse containerResponse = await this.database.DefineContainer(containerName, partitionKeyPath)
.WithClientEncryptionPolicy(2)
.WithIncludedPath(path1)
.Attach()
.WithClientEncryptionPolicy(policyFormatVersion:2)
.WithIncludedPath(path1)
.Attach()
.CreateAsync();

Assert.Fail("CreateCollection with invalid ClientEncryptionPolicy should have failed.");
Expand Up @@ -1000,6 +1000,11 @@
"Type": "Constructor",
"Attributes": [],
"MethodInfo": "[Void .ctor(System.Collections.Generic.IEnumerable`1[Microsoft.Azure.Cosmos.ClientEncryptionIncludedPath], Int32), Void .ctor(System.Collections.Generic.IEnumerable`1[Microsoft.Azure.Cosmos.ClientEncryptionIncludedPath], Int32)]"
},
"Void .ctor(System.Collections.Generic.IEnumerable`1[Microsoft.Azure.Cosmos.ClientEncryptionIncludedPath])": {
"Type": "Constructor",
"Attributes": [],
"MethodInfo": "[Void .ctor(System.Collections.Generic.IEnumerable`1[Microsoft.Azure.Cosmos.ClientEncryptionIncludedPath]), Void .ctor(System.Collections.Generic.IEnumerable`1[Microsoft.Azure.Cosmos.ClientEncryptionIncludedPath])]"
}
},
"NestedTypes": {}
Expand Down Expand Up @@ -4176,6 +4181,11 @@
"Attributes": [],
"MethodInfo": "Microsoft.Azure.Cosmos.ContainerProperties Build();IsAbstract:False;IsStatic:False;IsVirtual:False;IsGenericMethod:False;IsConstructor:False;IsFinal:False;"
},
"Microsoft.Azure.Cosmos.Fluent.ClientEncryptionPolicyDefinition WithClientEncryptionPolicy()": {
"Type": "Method",
"Attributes": [],
"MethodInfo": "Microsoft.Azure.Cosmos.Fluent.ClientEncryptionPolicyDefinition WithClientEncryptionPolicy();IsAbstract:False;IsStatic:False;IsVirtual:False;IsGenericMethod:False;IsConstructor:False;IsFinal:False;"
},
"Microsoft.Azure.Cosmos.Fluent.ClientEncryptionPolicyDefinition WithClientEncryptionPolicy(Int32)": {
"Type": "Method",
"Attributes": [],
