Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add multi-user key store provider registration support #1056

Merged
merged 49 commits into from
May 17, 2021
Merged

Add multi-user key store provider registration support #1056

merged 49 commits into from
May 17, 2021

Conversation

johnnypham
Copy link
Contributor

These changes add a public method to register providers into an instance cache at the command-level, allowing users to maintain their own set of providers in the same application.

The current column encryption key (CEK) cache is global so a new CEK cache and signature verification cache is added at the SqlColumnEncryptionAzureKeyVaultProvider level. Each SqlColumnEncryptionAzureKeyVaultProvider is linked to a single TokenCredential, which serves as the user identity.

public class SqlCommand
{    
       // Added API: registers into command-level key store provider cache
       public void RegisterColumnEncryptionKeyStoreProvidersOnCommand(IDictionary<string, SqlColumnEncryptionKeyStoreProvider> customProviders);
}

@johnnypham johnnypham added the 🆕 Public API Issues/PRs that introduce new APIs to the driver. label Apr 28, 2021
@cheenamalhotra cheenamalhotra added this to the 3.0.0-preview3 milestone May 7, 2021
@cheenamalhotra cheenamalhotra requested a review from David-Engel May 7, 2021 21:18
Johnny Pham and others added 4 commits May 10, 2021 14:28
@David-Engel
Update src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SqlS…
cc762ed 
…ecurityUtility.cs

Co-authored-by: David Engel <dengel1012@gmail.com>
@David-Engel
Update src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SqlS…
2d7ca05 
…ecurityUtility.cs

Co-authored-by: David Engel <dengel1012@gmail.com>
@David-Engel
Update src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SqlS…
dbdba21 
…ecurityUtility.cs

Co-authored-by: David Engel <dengel1012@gmail.com>
@David-Engel
Update src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SqlS…
1fa3c47 
…ecurityUtility.cs

Co-authored-by: David Engel <dengel1012@gmail.com>
JRahnama
JRahnama reviewed May 12, 2021
View reviewed changes
src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/SqlConnection.cs Outdated Show resolved Hide resolved
src/Microsoft.Data.SqlClient/add-ons/AzureKeyVaultProvider/LocalCache.cs Outdated Show resolved Hide resolved
src/Microsoft.Data.SqlClient/add-ons/AzureKeyVaultProvider/LocalCache.cs Outdated Show resolved Hide resolved
src/Microsoft.Data.SqlClient/add-ons/AzureKeyVaultProvider/LocalCache.cs Outdated Show resolved Hide resolved
src/Microsoft.Data.SqlClient/add-ons/AzureKeyVaultProvider/LocalCache.cs Show resolved Hide resolved
...oft.Data.SqlClient/add-ons/AzureKeyVaultProvider/SqlColumnEncryptionAzureKeyVaultProvider.cs Outdated Show resolved Hide resolved
...oft.Data.SqlClient/add-ons/AzureKeyVaultProvider/SqlColumnEncryptionAzureKeyVaultProvider.cs Show resolved Hide resolved
...oft.Data.SqlClient/add-ons/AzureKeyVaultProvider/SqlColumnEncryptionAzureKeyVaultProvider.cs Outdated Show resolved Hide resolved
src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SqlConnection.cs Outdated Show resolved Hide resolved
src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SqlConnection.cs Outdated Show resolved Hide resolved
DavoudEshtehari
DavoudEshtehari reviewed May 14, 2021
View reviewed changes
Copy link
Contributor

@DavoudEshtehari DavoudEshtehari left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you assess TTL by adding more tests?

doc/snippets/Microsoft.Data.SqlClient/SqlColumnEncryptionKeyStoreProvider.xml Outdated Show resolved Hide resolved
src/Microsoft.Data.SqlClient/tests/ManualTests/AlwaysEncrypted/AKVUnitTests.cs Outdated Show resolved Hide resolved
src/Microsoft.Data.SqlClient/tests/ManualTests/AlwaysEncrypted/AKVUnitTests.cs Outdated Show resolved Hide resolved
src/Microsoft.Data.SqlClient/tests/ManualTests/AlwaysEncrypted/AKVUnitTests.cs Outdated Show resolved Hide resolved
src/Microsoft.Data.SqlClient/tests/ManualTests/AlwaysEncrypted/AKVUnitTests.cs Outdated Show resolved Hide resolved
src/Microsoft.Data.SqlClient/tests/ManualTests/AlwaysEncrypted/AKVUnitTests.cs Outdated Show resolved Hide resolved
...oft.Data.SqlClient/add-ons/AzureKeyVaultProvider/SqlColumnEncryptionAzureKeyVaultProvider.cs Show resolved Hide resolved
Johnny Pham and others added 10 commits May 14, 2021 11:12
add tests
d73a9d2
@DavoudEshtehari
Update src/Microsoft.Data.SqlClient/tests/ManualTests/AlwaysEncrypted…
6ad4eb9 
…/AKVUnitTests.cs

Co-authored-by: DavoudEshtehari <61173489+DavoudEshtehari@users.noreply.github.com>
@DavoudEshtehari
Update src/Microsoft.Data.SqlClient/tests/ManualTests/AlwaysEncrypted…
c5dd485 
…/AKVUnitTests.cs

Co-authored-by: DavoudEshtehari <61173489+DavoudEshtehari@users.noreply.github.com>
@DavoudEshtehari
Update src/Microsoft.Data.SqlClient/tests/ManualTests/AlwaysEncrypted…
9dea525 
…/AKVUnitTests.cs

Co-authored-by: DavoudEshtehari <61173489+DavoudEshtehari@users.noreply.github.com>
@DavoudEshtehari
Update src/Microsoft.Data.SqlClient/tests/ManualTests/AlwaysEncrypted…
4707ff2 
…/AKVUnitTests.cs

Co-authored-by: DavoudEshtehari <61173489+DavoudEshtehari@users.noreply.github.com>
@DavoudEshtehari
Update doc/snippets/Microsoft.Data.SqlClient/SqlColumnEncryptionKeySt…
6eccf60 
…oreProvider.xml

Co-authored-by: DavoudEshtehari <61173489+DavoudEshtehari@users.noreply.github.com>
@DavoudEshtehari
Update src/Microsoft.Data.SqlClient/tests/ManualTests/AlwaysEncrypted…
38923d1 
…/AKVUnitTests.cs

Co-authored-by: DavoudEshtehari <61173489+DavoudEshtehari@users.noreply.github.com>
add threading namespace
5b111d9
refactor tests
4494979
only run test when akv provider is registered globally
82e8c7b
cheenamalhotra
cheenamalhotra approved these changes May 15, 2021
View reviewed changes
Copy link
Member

@cheenamalhotra cheenamalhotra left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Overall LGTM 👍

.../AzureKeyVaultProvider/Microsoft.Data.SqlClient.AlwaysEncrypted.AzureKeyVaultProvider.csproj Show resolved Hide resolved
@cheenamalhotra cheenamalhotra merged commit 5e067c4 into dotnet:main May 17, 2021
@johnnypham johnnypham deleted the multitenant-provider-command branch May 19, 2021 20:04
@edwardneal edwardneal mentioned this pull request Mar 18, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@DavoudEshtehari DavoudEshtehari DavoudEshtehari left review comments

@David-Engel David-Engel David-Engel left review comments

@JRahnama JRahnama JRahnama approved these changes

@cheenamalhotra cheenamalhotra cheenamalhotra approved these changes

Assignees
No one assigned
Labels
🆕 Public API Issues/PRs that introduce new APIs to the driver.
Projects
None yet
Milestone
3.0.0-preview3
Development

Successfully merging this pull request may close these issues.
5 participants
@johnnypham @cheenamalhotra @David-Engel @JRahnama @DavoudEshtehari