From e0dbdc3119abd8d75eb0c61a41af1bd211c8b93a Mon Sep 17 00:00:00 2001
From: Santosh Kulkarni <66682828+kr-santosh@users.noreply.github.com>
Date: Tue, 18 May 2021 19:39:03 +0530
Subject: [PATCH] Client Encryption: Adds integration with latest CosmosDb package 3.19.0-preview1 and check for Client Encryption Policy format version. (#2475)
This PR integrates the encryption package with the latest CosmosDb preview package and adds a check for Client Encryption Policy format version.
---
 Directory.Build.props | 2 +-
 Microsoft.Azure.Cosmos.Encryption/changelog.md | 14 ++++++++++++++
 Microsoft.Azure.Cosmos.Encryption/src/Constants.cs | 1 +
 .../src/EncryptionSettings.cs | 6 ++++++
 .../src/Microsoft.Azure.Cosmos.Encryption.csproj | 2 +-
 .../tests/EmulatorTests/MdeEncryptionTests.cs | 9 +++------
 6 files changed, 26 insertions(+), 8 deletions(-)
diff --git a/Directory.Build.props b/Directory.Build.props
index f7f5908206..95b2df4824 100644
--- a/Directory.Build.props
+++ b/Directory.Build.props
@@ -5,7 +5,7 @@ 3.19.0 preview1 3.19.1 - 1.0.0-previewV14 + 1.0.0-previewV15 1.1.0-preview3 $([MSBuild]::GetPathOfFileAbove('Directory.Build.props', '$(MSBuildThisFileDirectory)../')) $(DefineConstants);PREVIEW
diff --git a/Microsoft.Azure.Cosmos.Encryption/changelog.md b/Microsoft.Azure.Cosmos.Encryption/changelog.md
index fe83530326..ca412e6650 100644
--- a/Microsoft.Azure.Cosmos.Encryption/changelog.md
+++ b/Microsoft.Azure.Cosmos.Encryption/changelog.md
@@ -3,10 +3,24 @@ Preview features are treated as a separate branch and will not be included in th
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+### [1.0.0-previewV15](https://www.nuget.org/packages/Microsoft.Azure.Cosmos.Encryption/1.0.0-previewV15) - 2021-05-18
+
+#### Added
+- [#2475](https://github.com/Azure/azure-cosmos-dotnet-v3/pull/2475) Adds integration with latest CosmosDb Preview Package - 3.19.0-preview1 and check for Client Encryption Policy format version.
+- [#2449](https://github.com/Azure/azure-cosmos-dotnet-v3/pull/2449) Adds validation that partition key paths are not encrypted.
+- [#2452](https://github.com/Azure/azure-cosmos-dotnet-v3/pull/2452) Adds the implementation for new ChangeFeed APIs.
+- [#2448](https://github.com/Azure/azure-cosmos-dotnet-v3/pull/2448) Adds client encryption support for patch.
+- [#2453](https://github.com/Azure/azure-cosmos-dotnet-v3/pull/2453) Removes Plaintext encryption type support.
+
+#### Fixes
+- [#2445](https://github.com/Azure/azure-cosmos-dotnet-v3/pull/2445) Fixes query support on encrypted parameters and fixes samples.
+- [#2403](https://github.com/Azure/azure-cosmos-dotnet-v3/pull/2403) Fixes issue with clients using incorrect/stale Encryption Policy or Encryption Keys from the cache.
+
 ### [1.0.0-previewV14](https://www.nuget.org/packages/Microsoft.Azure.Cosmos.Encryption/1.0.0-previewV14) - 2021-04-28
 #### Added
 - [#2433](https://github.com/Azure/azure-cosmos-dotnet-v3/pull/2433) Adds integration with latest CosmosDb Preview Package - 3.19.0-preview.
+- [#2372](https://github.com/Azure/azure-cosmos-dotnet-v3/pull/2372) Adds decryption support for ChangeFeed Processor.
 ### [1.0.0-previewV13](https://www.nuget.org/packages/Microsoft.Azure.Cosmos.Encryption/1.0.0-previewV13) - 2021-03-26
diff --git a/Microsoft.Azure.Cosmos.Encryption/src/Constants.cs b/Microsoft.Azure.Cosmos.Encryption/src/Constants.cs
index 2ce5886279..8b8e2c6e01 100644
--- a/Microsoft.Azure.Cosmos.Encryption/src/Constants.cs
+++ b/Microsoft.Azure.Cosmos.Encryption/src/Constants.cs
@@ -9,5 +9,6 @@ internal static class Constants
 public const string DocumentsResourcePropertyName = "Documents";
 public const string SubStatusHeader = "x-ms-substatus";
 public const string IncorrectContainerRidSubStatus = "1024";
+ public const int SupportedClientEncryptionPolicyFormatVersion = 1;
 }
 }
\ No newline at end of file
diff --git a/Microsoft.Azure.Cosmos.Encryption/src/EncryptionSettings.cs b/Microsoft.Azure.Cosmos.Encryption/src/EncryptionSettings.cs
index ce12ccb648..36a0e3b906 100644
--- a/Microsoft.Azure.Cosmos.Encryption/src/EncryptionSettings.cs
+++ b/Microsoft.Azure.Cosmos.Encryption/src/EncryptionSettings.cs
@@ -86,6 +86,12 @@ private static async Task InitializeEncryptionSettingsAsync(
 if (clientEncryptionPolicy != null)
 {
+ if (clientEncryptionPolicy.PolicyFormatVersion > Constants.SupportedClientEncryptionPolicyFormatVersion)
+ {
+ throw new InvalidOperationException("This version of Microsoft.Azure.Cosmos.Encryption cannot be used with this container." +
+ " Please upgrade to the latest version of the same. Please refer to https://aka.ms/CosmosClientEncryption for more details. ");
+ }
+
 // for each of the unique keys in the policy Add it in /Update the cache.
 foreach (string clientEncryptionKeyId in clientEncryptionPolicy.IncludedPaths.Select(x => x.ClientEncryptionKeyId).Distinct())
 {
diff --git a/Microsoft.Azure.Cosmos.Encryption/src/Microsoft.Azure.Cosmos.Encryption.csproj b/Microsoft.Azure.Cosmos.Encryption/src/Microsoft.Azure.Cosmos.Encryption.csproj
index 5cd428b637..8eef61e304 100644
--- a/Microsoft.Azure.Cosmos.Encryption/src/Microsoft.Azure.Cosmos.Encryption.csproj
+++ b/Microsoft.Azure.Cosmos.Encryption/src/Microsoft.Azure.Cosmos.Encryption.csproj
@@ -25,7 +25,7 @@ - +
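Review bot: In the EncryptionSettings.cs hunk, the new `InvalidOperationException` names neither the policy format version found on the container nor the highest one this package supports, so whoever hits it cannot tell from the error how far behind the client is. Consider opening the message with both values, e.g. `$"Client Encryption Policy format version {clientEncryptionPolicy.PolicyFormatVersion} is not supported; this package supports up to {Constants.SupportedClientEncryptionPolicyFormatVersion}."`, and keeping the upgrade hint after it. Refusing to initialise is the safe outcome for an encryption client that cannot interpret the policy, and a short comment above the check (`// Fail closed: do not encrypt or decrypt under a policy format this client does not understand.`) would record that intent so the guard is not relaxed later. None of the test changes in this patch appear to exercise the refusal, and the check is an upper bound only; whether a value below 1 can reach it is not visible here. InitializeEncryptionSettingsAsync starts and ends outside the hunk.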
diff --git a/Microsoft.Azure.Cosmos.Encryption/tests/EmulatorTests/MdeEncryptionTests.cs b/Microsoft.Azure.Cosmos.Encryption/tests/EmulatorTests/MdeEncryptionTests.cs
index 9407d7ae40..bdd54dcfaf 100644
--- a/Microsoft.Azure.Cosmos.Encryption/tests/EmulatorTests/MdeEncryptionTests.cs
+++ b/Microsoft.Azure.Cosmos.Encryption/tests/EmulatorTests/MdeEncryptionTests.cs
@@ -835,15 +835,12 @@ public async Task EncryptionRestrictedProperties()
 ContainerProperties containerProperties = new ContainerProperties(Guid.NewGuid().ToString(), "/PK") { ClientEncryptionPolicy = clientEncryptionPolicyPk };
- Container encryptionContainer = await database.CreateContainerAsync(containerProperties, 400);
- await encryptionContainer.InitializeEncryptionAsync();
-
 try
 {
- await MdeEncryptionTests.MdeCreateItemAsync(encryptionContainer);
- Assert.Fail("Expected item creation with PK specified to be encrypted to fail.");
+ Container encryptionContainer = await database.CreateContainerAsync(containerProperties, 400);
+ Assert.Fail("CreateContainerAsync operation with PK specified to be encrypted should have failed. ");
 }
- catch (CosmosException ex) when (ex.StatusCode == HttpStatusCode.BadRequest)
+ catch (ArgumentException)
 {
 }
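Review bot: The rewritten try/catch in EncryptionRestrictedProperties passes on any `ArgumentException` thrown by `CreateContainerAsync`, so it no longer shows that the rejection is about the encrypted partition key path rather than some other argument problem. Binding the exception and asserting on it would pin that: `catch (ArgumentException ex)` followed by a check of `ex.Message` against the expected text, which is not shown in this hunk. If the tests use MSTest and the exact type is what is thrown, `await Assert.ThrowsExceptionAsync<ArgumentException>(() => database.CreateContainerAsync(containerProperties, 400));` would also replace the empty catch block. The local `encryptionContainer` is now assigned but never read and can be dropped. The test method starts and ends outside the hunk.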