Client Encryption : Adds support to expose Type in EncryptionKeyWrapMetadata constructor.

Microsoft.Azure.Cosmos/src/Resource/ClientEncryptionKey/EncryptionKeyWrapMetadata.cs

@@ -25,52 +25,44 @@ private EncryptionKeyWrapMetadata()
 
         /// <summary>
         /// Creates a new instance of key wrap metadata.
-        /// </summary>
+        /// </summary> 
+        /// <param name="type">ProviderName of KeyStoreProvider.</param>
         /// <param name="name">Name of the metadata.</param>
         /// <param name="value">Value of the metadata.</param>
-        public EncryptionKeyWrapMetadata(string name, string value)
-            : this(type: "custom", name: name, value: value)
+        public EncryptionKeyWrapMetadata(string type, string name, string value)
         {
+            this.Type = type ?? throw new ArgumentNullException(nameof(type));
+            this.Name = name ?? throw new ArgumentNullException(nameof(name));
+            this.Value = value ?? throw new ArgumentNullException(nameof(value));
         }
 
         /// <summary>
         /// Creates a new instance of key wrap metadata based on an existing instance.
         /// </summary>
         /// <param name="source">Existing instance from which to initialize.</param>
         public EncryptionKeyWrapMetadata(EncryptionKeyWrapMetadata source)
-            : this(source?.Type, source?.Name, source?.Value, source?.Algorithm)
-        {
-        }
-
-        internal EncryptionKeyWrapMetadata(string type, string name, string value, string algorithm = null)
+            : this(source?.Type, source?.Name, source?.Value)
         {
-            this.Type = type ?? throw new ArgumentNullException(nameof(type));
-            this.Name = name ?? throw new ArgumentNullException(nameof(name));
-            this.Value = value ?? throw new ArgumentNullException(nameof(value));
-            this.Algorithm = algorithm;
-        }
+        }  
 
         [JsonProperty(PropertyName = "type", NullValueHandling = NullValueHandling.Ignore)]
-        internal string Type { get; private set; }
-
-        [JsonProperty(PropertyName = "algorithm", NullValueHandling = NullValueHandling.Ignore)]
-        internal string Algorithm { get; private set; }
+        internal string Type { get; set; }
 
         /// <summary>
         /// Serialized form of metadata.
         /// Note: This value is saved in the Cosmos DB service.
         /// Implementors of derived implementations should ensure that this does not have (private) key material or credential information.
         /// </summary>
         [JsonProperty(PropertyName = "name", NullValueHandling = NullValueHandling.Ignore)]
-        public string Name { get; private set; }
+        public string Name { get; set; }
 
         /// <summary>
         /// Serialized form of metadata.
         /// Note: This value is saved in the Cosmos DB service.
         /// Implementors of derived implementations should ensure that this does not have (private) key material or credential information.
         /// </summary>
         [JsonProperty(PropertyName = "value", NullValueHandling = NullValueHandling.Ignore)]
-        public string Value { get; private set; }
+        public string Value { get; set; }
 
         /// <inheritdoc/>
         public override bool Equals(object obj)
@@ -84,7 +76,6 @@ public override int GetHashCode()
         {
             int hashCode = 1265339359;
             hashCode = (hashCode * -1521134295) + EqualityComparer<string>.Default.GetHashCode(this.Type);
-            hashCode = (hashCode * -1521134295) + EqualityComparer<string>.Default.GetHashCode(this.Algorithm);
             hashCode = (hashCode * -1521134295) + EqualityComparer<string>.Default.GetHashCode(this.Name);
             hashCode = (hashCode * -1521134295) + EqualityComparer<string>.Default.GetHashCode(this.Value);
             return hashCode;
@@ -101,7 +92,6 @@ public bool Equals(EncryptionKeyWrapMetadata other)
         {
             return other != null &&
                    this.Type == other.Type &&
-                   this.Algorithm == other.Algorithm &&
                    this.Name == other.Name &&
                    this.Value == other.Value;
         }

Microsoft.Azure.Cosmos/src/Resource/Settings/ClientEncryptionPolicy.cs

@@ -86,9 +86,10 @@ private void ValidateClientEncryptionIncludedPath(ClientEncryptionIncludedPath c
             }
 
             if (!string.Equals(clientEncryptionIncludedPath.EncryptionType, "Deterministic") &&
-                !string.Equals(clientEncryptionIncludedPath.EncryptionType, "Randomized"))
+                !string.Equals(clientEncryptionIncludedPath.EncryptionType, "Randomized") &&
+                !string.Equals(clientEncryptionIncludedPath.EncryptionType, "Plaintext"))
             {
-                throw new ArgumentException("EncryptionType should be either 'Deterministic' or 'Randomized'.", nameof(clientEncryptionIncludedPath));
+                throw new ArgumentException("EncryptionType should be either 'Deterministic' or 'Randomized' or 'Plaintext'.", nameof(clientEncryptionIncludedPath));
             }
 
             if (string.IsNullOrWhiteSpace(clientEncryptionIncludedPath.EncryptionAlgorithm))

Microsoft.Azure.Cosmos/tests/Microsoft.Azure.Cosmos.EmulatorTests/CosmosDatabaseTests.cs

@@ -416,7 +416,7 @@ public async Task EncryptionCreateReplaceCek()
             Assert.IsNotNull(cekProperties.ResourceId);
 
             Assert.AreEqual(
-                new EncryptionKeyWrapMetadata("metadataName", "metadataValue"),
+                new EncryptionKeyWrapMetadata("custom", "metadataName", "metadataValue"),
                 cekProperties.EncryptionKeyWrapMetadata);
 
             // Use a different client instance to avoid (unintentional) cache impact
@@ -433,7 +433,7 @@ public async Task EncryptionCreateReplaceCek()
             Assert.IsNotNull(cekProperties.ResourceId);
 
             Assert.AreEqual(
-                new EncryptionKeyWrapMetadata("metadataName", "updatedMetadataValue"),
+                new EncryptionKeyWrapMetadata("custom", "metadataName", "updatedMetadataValue"),
                 cekProperties.EncryptionKeyWrapMetadata);
 
             // Use a different client instance to avoid (unintentional) cache impact
@@ -454,7 +454,7 @@ private static async Task<ClientEncryptionKeyProperties> CreateCekAsync(Database
                 rngCsp.GetBytes(rawCek);
             }
 
-            ClientEncryptionKeyProperties cekProperties = new ClientEncryptionKeyProperties(cekId, "AEAD_AES_256_CBC_HMAC_SHA256", rawCek, new EncryptionKeyWrapMetadata("metadataName", "metadataValue"));
+            ClientEncryptionKeyProperties cekProperties = new ClientEncryptionKeyProperties(cekId, "AEAD_AES_256_CBC_HMAC_SHA256", rawCek, new EncryptionKeyWrapMetadata("custom", "metadataName", "metadataValue"));
 
             ClientEncryptionKeyResponse cekResponse = await databaseCore.CreateClientEncryptionKeyAsync(cekProperties);
 
@@ -482,7 +482,7 @@ private static async Task<ClientEncryptionKeyProperties> ReplaceCekAsync(Databas
                 rngCsp.GetBytes(rawCek);
             }
 
-            ClientEncryptionKeyProperties cekProperties = new ClientEncryptionKeyProperties(cekId, "AEAD_AES_256_CBC_HMAC_SHA256", rawCek, new EncryptionKeyWrapMetadata("metadataName", "updatedMetadataValue"));
+            ClientEncryptionKeyProperties cekProperties = new ClientEncryptionKeyProperties(cekId, "AEAD_AES_256_CBC_HMAC_SHA256", rawCek, new EncryptionKeyWrapMetadata("custom", "metadataName", "updatedMetadataValue"));
 
             ClientEncryptionKeyResponse cekResponse = await cek.ReplaceAsync(cekProperties);
             Assert.AreEqual(HttpStatusCode.OK, cekResponse.StatusCode);
@@ -513,7 +513,7 @@ public async Task VerifyCekFeedIterator()
                 rngCsp.GetBytes(rawCek1);
             }
 
-            ClientEncryptionKeyProperties cekProperties = new ClientEncryptionKeyProperties(cekId, "AEAD_AES_256_CBC_HMAC_SHA256", rawCek1, new EncryptionKeyWrapMetadata("metadataName", "metadataValue"));
+            ClientEncryptionKeyProperties cekProperties = new ClientEncryptionKeyProperties(cekId, "AEAD_AES_256_CBC_HMAC_SHA256", rawCek1, new EncryptionKeyWrapMetadata("custom", "metadataName", "metadataValue"));
 
             ClientEncryptionKeyResponse cekResponse = await databaseCore.CreateClientEncryptionKeyAsync(cekProperties);
 
@@ -528,7 +528,7 @@ public async Task VerifyCekFeedIterator()
                 rngCsp.GetBytes(rawCek2);
             }
 
-            cekProperties = new ClientEncryptionKeyProperties(cekId, "AEAD_AES_256_CBC_HMAC_SHA256", rawCek2, new EncryptionKeyWrapMetadata("metadataName", "metadataValue"));
+            cekProperties = new ClientEncryptionKeyProperties(cekId, "AEAD_AES_256_CBC_HMAC_SHA256", rawCek2, new EncryptionKeyWrapMetadata("custom", "metadataName", "metadataValue"));
 
             cekResponse = await databaseCore.CreateClientEncryptionKeyAsync(cekProperties);
 
@@ -552,6 +552,7 @@ public async Task VerifyCekFeedIterator()
             {
                 readDekIds.Add(clientEncryptionKeyProperties.Id);
                 Assert.AreEqual("AEAD_AES_256_CBC_HMAC_SHA256", clientEncryptionKeyProperties.EncryptionAlgorithm);
+                Assert.AreEqual(cekProperties.EncryptionKeyWrapMetadata.Type, clientEncryptionKeyProperties.EncryptionKeyWrapMetadata.Type);
                 Assert.AreEqual(cekProperties.EncryptionKeyWrapMetadata.Name, clientEncryptionKeyProperties.EncryptionKeyWrapMetadata.Name);
                 Assert.AreEqual(cekProperties.EncryptionKeyWrapMetadata.Value, clientEncryptionKeyProperties.EncryptionKeyWrapMetadata.Value);
             }

Microsoft.Azure.Cosmos/tests/Microsoft.Azure.Cosmos.EmulatorTests/Fluent/ContainerSettingsTests.cs

@@ -677,7 +677,7 @@ public async Task WithClientEncryptionPolicyFailureTest()
             }
             catch (ArgumentException ex)
             {
-                Assert.IsTrue(ex.Message.Contains("EncryptionType should be either 'Deterministic' or 'Randomized'."));
+                Assert.IsTrue(ex.Message.Contains("EncryptionType should be either 'Deterministic' or 'Randomized' or 'Plaintext'."));
             }
 
             path1.EncryptionType = "Deterministic";

Microsoft.Azure.Cosmos/tests/Microsoft.Azure.Cosmos.Tests/Contracts/DotNetPreviewSDKAPI.json

@@ -817,10 +817,10 @@
           "Attributes": [],
           "MethodInfo": "[Void .ctor(Microsoft.Azure.Cosmos.EncryptionKeyWrapMetadata), Void .ctor(Microsoft.Azure.Cosmos.EncryptionKeyWrapMetadata)]"
         },
-        "Void .ctor(System.String, System.String)": {
+        "Void .ctor(System.String, System.String, System.String)": {
           "Type": "Constructor",
           "Attributes": [],
-          "MethodInfo": "[Void .ctor(System.String, System.String), Void .ctor(System.String, System.String)]"
+          "MethodInfo": "[Void .ctor(System.String, System.String, System.String), Void .ctor(System.String, System.String, System.String)]"
         }
       },
       "NestedTypes": {}