From e0dbdc3119abd8d75eb0c61a41af1bd211c8b93a Mon Sep 17 00:00:00 2001
From: Santosh Kulkarni <66682828+kr-santosh@users.noreply.github.com>
Date: Tue, 18 May 2021 19:39:03 +0530
Subject: [PATCH] Client Encryption: Adds integration with latest CosmosDb
package 3.19.0-preview1 and check for Client Encryption Policy format
version. (#2475)
This PR integrates the encryption package with the latest CosmosDb preview package and adds a check for Client Encryption
Policy format version.
---
Directory.Build.props | 2 +-
Microsoft.Azure.Cosmos.Encryption/changelog.md | 14 ++++++++++++++
Microsoft.Azure.Cosmos.Encryption/src/Constants.cs | 1 +
.../src/EncryptionSettings.cs | 6 ++++++
.../src/Microsoft.Azure.Cosmos.Encryption.csproj | 2 +-
.../tests/EmulatorTests/MdeEncryptionTests.cs | 9 +++------
6 files changed, 26 insertions(+), 8 deletions(-)
diff --git a/Directory.Build.props b/Directory.Build.props
index f7f5908206..95b2df4824 100644
--- a/Directory.Build.props
+++ b/Directory.Build.props
@@ -5,7 +5,7 @@
3.19.0
preview1
3.19.1
- 1.0.0-previewV14
+ 1.0.0-previewV15
1.1.0-preview3
$([MSBuild]::GetPathOfFileAbove('Directory.Build.props', '$(MSBuildThisFileDirectory)../'))
$(DefineConstants);PREVIEW
diff --git a/Microsoft.Azure.Cosmos.Encryption/changelog.md b/Microsoft.Azure.Cosmos.Encryption/changelog.md
index fe83530326..ca412e6650 100644
--- a/Microsoft.Azure.Cosmos.Encryption/changelog.md
+++ b/Microsoft.Azure.Cosmos.Encryption/changelog.md
@@ -3,10 +3,24 @@ Preview features are treated as a separate branch and will not be included in th
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+### [1.0.0-previewV15](https://www.nuget.org/packages/Microsoft.Azure.Cosmos.Encryption/1.0.0-previewV15) - 2021-05-18
+
+#### Added
+- [#2475](https://github.com/Azure/azure-cosmos-dotnet-v3/pull/2475) Adds integration with latest CosmosDb Preview Package - 3.19.0-preview1 and check for Client Encryption Policy format version.
+- [#2449](https://github.com/Azure/azure-cosmos-dotnet-v3/pull/2449) Adds validation that partition key paths are not encrypted.
+- [#2452](https://github.com/Azure/azure-cosmos-dotnet-v3/pull/2452) Adds the implementation for new ChangeFeed APIs.
+- [#2448](https://github.com/Azure/azure-cosmos-dotnet-v3/pull/2448) Adds client encryption support for patch.
+- [#2453](https://github.com/Azure/azure-cosmos-dotnet-v3/pull/2453) Removes Plaintext encryption type support.
+
+#### Fixes
+- [#2445](https://github.com/Azure/azure-cosmos-dotnet-v3/pull/2445) Fixes query support on encrypted parameters and fixes samples.
+- [#2403](https://github.com/Azure/azure-cosmos-dotnet-v3/pull/2403) Fixes issue with clients using incorrect/stale Encryption Policy or Encryption Keys from the cache.
+
### [1.0.0-previewV14](https://www.nuget.org/packages/Microsoft.Azure.Cosmos.Encryption/1.0.0-previewV14) - 2021-04-28
#### Added
- [#2433](https://github.com/Azure/azure-cosmos-dotnet-v3/pull/2433) Adds integration with latest CosmosDb Preview Package - 3.19.0-preview.
+- [#2372](https://github.com/Azure/azure-cosmos-dotnet-v3/pull/2372) Adds decryption support for ChangeFeed Processor.
### [1.0.0-previewV13](https://www.nuget.org/packages/Microsoft.Azure.Cosmos.Encryption/1.0.0-previewV13) - 2021-03-26
diff --git a/Microsoft.Azure.Cosmos.Encryption/src/Constants.cs b/Microsoft.Azure.Cosmos.Encryption/src/Constants.cs
index 2ce5886279..8b8e2c6e01 100644
--- a/Microsoft.Azure.Cosmos.Encryption/src/Constants.cs
+++ b/Microsoft.Azure.Cosmos.Encryption/src/Constants.cs
@@ -9,5 +9,6 @@ internal static class Constants
public const string DocumentsResourcePropertyName = "Documents";
public const string SubStatusHeader = "x-ms-substatus";
public const string IncorrectContainerRidSubStatus = "1024";
+ public const int SupportedClientEncryptionPolicyFormatVersion = 1;
}
}
\ No newline at end of file
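Review bot: `SupportedClientEncryptionPolicyFormatVersion` has no comment saying it is the highest policy format version this library accepts, which is what the `>` comparison added in EncryptionSettings.cs relies on. A line such as `// Highest ClientEncryptionPolicy format version this library understands; containers with a newer version are rejected.` above it would make clear that the value should be raised only together with support for the new format.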
diff --git a/Microsoft.Azure.Cosmos.Encryption/src/EncryptionSettings.cs b/Microsoft.Azure.Cosmos.Encryption/src/EncryptionSettings.cs
index ce12ccb648..36a0e3b906 100644
--- a/Microsoft.Azure.Cosmos.Encryption/src/EncryptionSettings.cs
+++ b/Microsoft.Azure.Cosmos.Encryption/src/EncryptionSettings.cs
@@ -86,6 +86,12 @@ private static async Task InitializeEncryptionSettingsAsync(
if (clientEncryptionPolicy != null)
{
+ if (clientEncryptionPolicy.PolicyFormatVersion > Constants.SupportedClientEncryptionPolicyFormatVersion)
+ {
+ throw new InvalidOperationException("This version of Microsoft.Azure.Cosmos.Encryption cannot be used with this container." +
+ " Please upgrade to the latest version of the same. Please refer to https://aka.ms/CosmosClientEncryption for more details. ");
+ }
+
// for each of the unique keys in the policy Add it in /Update the cache.
foreach (string clientEncryptionKeyId in clientEncryptionPolicy.IncludedPaths.Select(x => x.ClientEncryptionKeyId).Distinct())
{
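Review bot: The InvalidOperationException thrown by the new format-version check does not say which version the container's policy carries or which one this library supports, so someone hitting this rejection cannot tell what the mismatch is. Consider building the message from both values, e.g. `$"Client encryption policy format version {clientEncryptionPolicy.PolicyFormatVersion} is not supported; this library supports up to {Constants.SupportedClientEncryptionPolicyFormatVersion}. Upgrade Microsoft.Azure.Cosmos.Encryption (https://aka.ms/CosmosClientEncryption)."`, which also drops the trailing space. Refusing a policy format the client does not recognise is the right default for an encryption library, and a one-line comment above the `if` saying so would discourage a later change from relaxing it. No test in this commit appears to exercise the rejection. InitializeEncryptionSettingsAsync starts and ends outside the hunk.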
diff --git a/Microsoft.Azure.Cosmos.Encryption/src/Microsoft.Azure.Cosmos.Encryption.csproj b/Microsoft.Azure.Cosmos.Encryption/src/Microsoft.Azure.Cosmos.Encryption.csproj
index 5cd428b637..8eef61e304 100644
--- a/Microsoft.Azure.Cosmos.Encryption/src/Microsoft.Azure.Cosmos.Encryption.csproj
+++ b/Microsoft.Azure.Cosmos.Encryption/src/Microsoft.Azure.Cosmos.Encryption.csproj
@@ -25,7 +25,7 @@
-
+
diff --git a/Microsoft.Azure.Cosmos.Encryption/tests/EmulatorTests/MdeEncryptionTests.cs b/Microsoft.Azure.Cosmos.Encryption/tests/EmulatorTests/MdeEncryptionTests.cs
index 9407d7ae40..bdd54dcfaf 100644
--- a/Microsoft.Azure.Cosmos.Encryption/tests/EmulatorTests/MdeEncryptionTests.cs
+++ b/Microsoft.Azure.Cosmos.Encryption/tests/EmulatorTests/MdeEncryptionTests.cs
@@ -835,15 +835,12 @@ public async Task EncryptionRestrictedProperties()
ContainerProperties containerProperties = new ContainerProperties(Guid.NewGuid().ToString(), "/PK") { ClientEncryptionPolicy = clientEncryptionPolicyPk };
- Container encryptionContainer = await database.CreateContainerAsync(containerProperties, 400);
- await encryptionContainer.InitializeEncryptionAsync();
-
try
{
- await MdeEncryptionTests.MdeCreateItemAsync(encryptionContainer);
- Assert.Fail("Expected item creation with PK specified to be encrypted to fail.");
+ Container encryptionContainer = await database.CreateContainerAsync(containerProperties, 400);
+ Assert.Fail("CreateContainerAsync operation with PK specified to be encrypted should have failed. ");
}
- catch (CosmosException ex) when (ex.StatusCode == HttpStatusCode.BadRequest)
+ catch (ArgumentException)
{
}
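Review bot: The empty `catch (ArgumentException)` passes on any ArgumentException raised inside the `try`, so the test no longer proves the failure comes from the encrypted partition-key path rather than from some other bad argument. Bind the exception and assert on something specific to this validation, e.g. (assuming MSTest) `catch (ArgumentException ex) { StringAssert.Contains(ex.Message, "<expected message fragment>"); }`, where the fragment is a placeholder for the text the SDK actually produces. The local `encryptionContainer` is now unused, and if creation unexpectedly succeeds the container is left behind. The previous version asserted a BadRequest from the service; if server-side rejection of encrypted partition keys is still expected, it presumably needs its own coverage now that the client throws first. EncryptionRestrictedProperties continues outside the hunk.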