public async Task EncryptionBulkCrud() { TestDoc docToReplace = await EncryptionTests.CreateItemAsync(EncryptionTests.containerCore, EncryptionTests.dekId, TestDoc.PathsToEncrypt); docToReplace.NonSensitive = Guid.NewGuid().ToString(); docToReplace.Sensitive = Guid.NewGuid().ToString(); TestDoc docToUpsert = await EncryptionTests.CreateItemAsync(EncryptionTests.containerCore, EncryptionTests.dekId, TestDoc.PathsToEncrypt); docToUpsert.NonSensitive = Guid.NewGuid().ToString(); docToUpsert.Sensitive = Guid.NewGuid().ToString(); TestDoc docToDelete = await EncryptionTests.CreateItemAsync(EncryptionTests.containerCore, EncryptionTests.dekId, TestDoc.PathsToEncrypt); (string endpoint, string authKey) = TestCommon.GetAccountInfo(); CosmosClient clientWithBulk = new CosmosClientBuilder(endpoint, authKey) .WithEncryptionKeyWrapProvider(new TestKeyWrapProvider()) .WithBulkExecution(true) .Build(); DatabaseCore databaseWithBulk = (DatabaseInlineCore)clientWithBulk.GetDatabase(EncryptionTests.databaseCore.Id); ContainerCore containerWithBulk = (ContainerInlineCore)databaseWithBulk.GetContainer(EncryptionTests.container.Id); List <Task> tasks = new List <Task>(); tasks.Add(EncryptionTests.CreateItemAsync(containerWithBulk, EncryptionTests.dekId, TestDoc.PathsToEncrypt)); tasks.Add(EncryptionTests.UpsertItemAsync(containerWithBulk, TestDoc.Create(), EncryptionTests.dekId, TestDoc.PathsToEncrypt, HttpStatusCode.Created)); tasks.Add(EncryptionTests.ReplaceItemAsync(containerWithBulk, docToReplace, EncryptionTests.dekId, TestDoc.PathsToEncrypt)); tasks.Add(EncryptionTests.UpsertItemAsync(containerWithBulk, docToUpsert, EncryptionTests.dekId, TestDoc.PathsToEncrypt, HttpStatusCode.OK)); tasks.Add(EncryptionTests.DeleteItemAsync(containerWithBulk, docToDelete)); await Task.WhenAll(tasks); }
public async Task EncryptionResourceTokenAuth() { User user = EncryptionTests.databaseCore.GetUser(Guid.NewGuid().ToString()); await EncryptionTests.databaseCore.CreateUserAsync(user.Id); PermissionProperties permission = await user.CreatePermissionAsync( new PermissionProperties(Guid.NewGuid().ToString(), PermissionMode.All, EncryptionTests.container)); TestDoc testDoc = await EncryptionTests.CreateItemAsync(EncryptionTests.containerCore, EncryptionTests.dekId, TestDoc.PathsToEncrypt); (string endpoint, string _) = TestCommon.GetAccountInfo(); CosmosClient resourceTokenBasedClient = new CosmosClientBuilder(endpoint, permission.Token) .WithEncryptionKeyWrapProvider(new TestKeyWrapProvider()) .Build(); DatabaseCore databaseForTokenClient = (DatabaseInlineCore)resourceTokenBasedClient.GetDatabase(EncryptionTests.databaseCore.Id); Container containerForTokenClient = databaseForTokenClient.GetContainer(EncryptionTests.container.Id); await EncryptionTests.PerformForbiddenOperationAsync(() => databaseForTokenClient.GetDataEncryptionKey(EncryptionTests.dekId).ReadAsync(), "DEK.ReadAsync"); await EncryptionTests.PerformForbiddenOperationAsync(() => containerForTokenClient.ReadItemAsync <TestDoc>(testDoc.Id, new PartitionKey(testDoc.PK)), "ReadItemAsync"); await EncryptionTests.PerformForbiddenOperationAsync(() => containerForTokenClient.ReadItemStreamAsync(testDoc.Id, new PartitionKey(testDoc.PK)), "ReadItemStreamAsync"); }
public async Task EncryptionResourceTokenAuthRestricted() { TestDoc testDoc = await EncryptionTests.CreateItemAsync(EncryptionTests.itemContainerCore, EncryptionTests.dekId, TestDoc.PathsToEncrypt); User restrictedUser = EncryptionTests.databaseCore.GetUser(Guid.NewGuid().ToString()); await EncryptionTests.databaseCore.CreateUserAsync(restrictedUser.Id); PermissionProperties restrictedUserPermission = await restrictedUser.CreatePermissionAsync( new PermissionProperties(Guid.NewGuid().ToString(), PermissionMode.All, EncryptionTests.itemContainer)); CosmosDataEncryptionKeyProvider dekProvider = new CosmosDataEncryptionKeyProvider(new TestKeyWrapProvider()); TestEncryptor encryptor = new TestEncryptor(dekProvider); (string endpoint, string _) = TestCommon.GetAccountInfo(); CosmosClient clientForRestrictedUser = new CosmosClientBuilder(endpoint, restrictedUserPermission.Token) .WithEncryptor(encryptor) .Build(); Database databaseForRestrictedUser = clientForRestrictedUser.GetDatabase(EncryptionTests.databaseCore.Id); Container containerForRestrictedUser = databaseForRestrictedUser.GetContainer(EncryptionTests.itemContainer.Id); await EncryptionTests.PerformForbiddenOperationAsync(() => dekProvider.InitializeAsync(databaseForRestrictedUser, EncryptionTests.keyContainer.Id), "CosmosDekProvider.InitializeAsync"); await EncryptionTests.PerformOperationOnUninitializedDekProviderAsync(() => dekProvider.DataEncryptionKeyContainer.ReadDataEncryptionKeyAsync(EncryptionTests.dekId), "DEK.ReadAsync"); await EncryptionTests.PerformOperationOnUninitializedDekProviderAsync(() => containerForRestrictedUser.ReadItemAsync <TestDoc>(testDoc.Id, new PartitionKey(testDoc.PK)), "ReadItemAsync"); await EncryptionTests.PerformOperationOnUninitializedDekProviderAsync(() => containerForRestrictedUser.ReadItemStreamAsync(testDoc.Id, new PartitionKey(testDoc.PK)), "ReadItemStreamAsync"); }
public async Task DecryptQueryResultMultipleDocsTest() { TestDoc testDoc1 = await EncryptionTests.CreateItemAsync(EncryptionTests.containerCore, EncryptionTests.dekId, TestDoc.PathsToEncrypt); TestDoc testDoc2 = await EncryptionTests.CreateItemAsync(EncryptionTests.containerCore, EncryptionTests.dekId, TestDoc.PathsToEncrypt); await ValidateQueryResultsMultipleDocumentsAsync(EncryptionTests.containerCore, testDoc1, testDoc2); }
public async Task EncryptionDecryptQueryValueResponse() { TestDoc testDoc = await EncryptionTests.CreateItemAsync(EncryptionTests.itemContainerCore, EncryptionTests.dekId, TestDoc.PathsToEncrypt); string query = "SELECT VALUE COUNT(1) FROM c"; await EncryptionTests.ValidateQueryResponseAsync(EncryptionTests.itemContainerCore, query); }
public static async Task ClassInitialize(TestContext context) { EncryptionTests.client = EncryptionTests.GetClient(); EncryptionTests.databaseCore = (DatabaseInlineCore)await EncryptionTests.client.CreateDatabaseAsync(Guid.NewGuid().ToString()); EncryptionTests.container = await EncryptionTests.databaseCore.CreateContainerAsync(Guid.NewGuid().ToString(), "/PK", 400); EncryptionTests.containerCore = (ContainerInlineCore)EncryptionTests.container; EncryptionTests.dekProperties = await CreateDekAsync(EncryptionTests.databaseCore, EncryptionTests.dekId); }
public async Task EncryptionDecryptQueryResultDifferentDeks() { string dekId1 = "mydek1"; await EncryptionTests.CreateDekAsync(EncryptionTests.dekProvider, dekId1); TestDoc testDoc1 = await EncryptionTests.CreateItemAsync(EncryptionTests.itemContainerCore, EncryptionTests.dekId, TestDoc.PathsToEncrypt); TestDoc testDoc2 = await EncryptionTests.CreateItemAsync(EncryptionTests.itemContainerCore, dekId1, TestDoc.PathsToEncrypt); await ValidateQueryResultsMultipleDocumentsAsync(EncryptionTests.itemContainerCore, testDoc1, testDoc2); }
public async Task EncryptionCreateItem() { TestDoc testDoc = await EncryptionTests.CreateItemAsync(EncryptionTests.containerCore, EncryptionTests.dekId, TestDoc.PathsToEncrypt); await EncryptionTests.VerifyItemByReadAsync(EncryptionTests.containerCore, testDoc); await EncryptionTests.VerifyItemByReadStreamAsync(EncryptionTests.containerCore, testDoc); TestDoc expectedDoc = new TestDoc(testDoc); await EncryptionTests.ValidateQueryResultsAsync( EncryptionTests.containerCore, "SELECT * FROM c", expectedDoc); await EncryptionTests.ValidateQueryResultsAsync( EncryptionTests.containerCore, string.Format( "SELECT * FROM c where c.PK = '{0}' and c.id = '{1}' and c.NonSensitive = '{2}'", expectedDoc.PK, expectedDoc.Id, expectedDoc.NonSensitive), expectedDoc); await EncryptionTests.ValidateQueryResultsAsync( EncryptionTests.containerCore, string.Format("SELECT * FROM c where c.Sensitive = '{0}'", testDoc.Sensitive), expectedDoc : null); await EncryptionTests.ValidateQueryResultsAsync( EncryptionTests.containerCore, queryDefinition : new QueryDefinition( "select * from c where c.id = @theId and c.PK = @thePK") .WithParameter("@theId", expectedDoc.Id) .WithParameter("@thePK", expectedDoc.PK), expectedDoc : expectedDoc); expectedDoc.Sensitive = null; await EncryptionTests.ValidateQueryResultsAsync( EncryptionTests.containerCore, "SELECT c.id, c.PK, c.Sensitive, c.NonSensitive FROM c", expectedDoc); await EncryptionTests.ValidateQueryResultsAsync( EncryptionTests.containerCore, "SELECT c.id, c.PK, c.NonSensitive FROM c", expectedDoc); await EncryptionTests.ValidateSprocResultsAsync( EncryptionTests.containerCore, expectedDoc); }
public async Task DecryptQueryResultDifferentDeksTest() { string dekId1 = "mydek1"; EncryptionTests.dekProperties = await CreateDekAsync(EncryptionTests.databaseCore, dekId1); TestDoc testDoc1 = await EncryptionTests.CreateItemAsync(EncryptionTests.containerCore, EncryptionTests.dekId, TestDoc.PathsToEncrypt); TestDoc testDoc2 = await EncryptionTests.CreateItemAsync(EncryptionTests.containerCore, dekId1, TestDoc.PathsToEncrypt); await ValidateQueryResultsMultipleDocumentsAsync(EncryptionTests.containerCore, testDoc1, testDoc2); }
public async Task EncryptionDecryptQueryResultDifferentDeks() { string dekId1 = "mydek1"; await EncryptionTests.CreateDekAsync(EncryptionTests.dekProvider, dekId1); TestDoc testDoc1 = await EncryptionTests.CreateItemAsync(EncryptionTests.itemContainerCore, EncryptionTests.dekId, TestDoc.PathsToEncrypt); TestDoc testDoc2 = await EncryptionTests.CreateItemAsync(EncryptionTests.itemContainerCore, dekId1, TestDoc.PathsToEncrypt); string query = $"SELECT * FROM c WHERE c.PK in ('{testDoc1.PK}', '{testDoc2.PK}')"; await EncryptionTests.ValidateQueryResultsMultipleDocumentsAsync(EncryptionTests.itemContainerCore, testDoc1, testDoc2, query); }
public async Task EncryptionDecryptQueryResultMultipleDocs() { TestDoc testDoc1 = await EncryptionTests.CreateItemAsync(EncryptionTests.itemContainerCore, EncryptionTests.dekId, TestDoc.PathsToEncrypt); TestDoc testDoc2 = await EncryptionTests.CreateItemAsync(EncryptionTests.itemContainerCore, EncryptionTests.dekId, TestDoc.PathsToEncrypt); string query = $"SELECT * FROM c WHERE c.PK in ('{testDoc1.PK}', '{testDoc2.PK}')"; await EncryptionTests.ValidateQueryResultsMultipleDocumentsAsync(EncryptionTests.itemContainerCore, testDoc1, testDoc2, query); // ORDER BY query query = query + " ORDER BY c._ts"; await EncryptionTests.ValidateQueryResultsMultipleDocumentsAsync(EncryptionTests.itemContainerCore, testDoc1, testDoc2, query); }
public async Task DecryptGroupByQueryResultTest() { string partitionKey = Guid.NewGuid().ToString(); TestDoc testDoc1 = await EncryptionTests.CreateItemAsync(EncryptionTests.itemContainerCore, EncryptionTests.dekId, TestDoc.PathsToEncrypt, partitionKey); TestDoc testDoc2 = await EncryptionTests.CreateItemAsync(EncryptionTests.itemContainerCore, EncryptionTests.dekId, TestDoc.PathsToEncrypt, partitionKey); string query = $"SELECT COUNT(c.Id), c.PK " + $"FROM c WHERE c.PK = '{partitionKey}' " + $"GROUP BY c.PK "; await EncryptionTests.ValidateQueryResponseAsync(EncryptionTests.itemContainerCore, query); }
public async Task DecryptQueryResultMultipleEncryptedPropertiesTest() { TestDoc testDoc = await EncryptionTests.CreateItemAsync( EncryptionTests.containerCore, EncryptionTests.dekId, new List <string>(){ "/Sensitive", "/NonSensitive" }); TestDoc expectedDoc = new TestDoc(testDoc); await EncryptionTests.ValidateQueryResultsAsync( EncryptionTests.containerCore, "SELECT * FROM c", expectedDoc); }
private static async Task <ItemResponse <TestDoc> > CreateItemAsync( ContainerCore containerCore, string dekId, List <string> pathsToEncrypt) { TestDoc testDoc = TestDoc.Create(); ItemResponse <TestDoc> createResponse = await containerCore.CreateItemAsync( testDoc, new PartitionKey(testDoc.PK), EncryptionTests.GetRequestOptions(containerCore, dekId, pathsToEncrypt)); Assert.AreEqual(HttpStatusCode.Created, createResponse.StatusCode); Assert.AreEqual(testDoc, createResponse.Resource); return(createResponse); }
public async Task DecryptQueryBinaryResponse() { TestDoc testDoc = await EncryptionTests.CreateItemAsync(EncryptionTests.containerCore, EncryptionTests.dekId, TestDoc.PathsToEncrypt); CosmosSerializationFormatOptions options = new CosmosSerializationFormatOptions( Documents.ContentSerializationFormat.CosmosBinary.ToString(), (content) => JsonNavigator.Create(content), () => JsonWriter.Create(JsonSerializationFormat.Binary)); QueryRequestOptions requestOptions = new QueryRequestOptions() { CosmosSerializationFormatOptions = options }; TestDoc expectedDoc = new TestDoc(testDoc); string query = "SELECT * FROM c"; FeedIterator feedIterator = EncryptionTests.containerCore.GetItemQueryStreamIterator( query, requestOptions: requestOptions); while (feedIterator.HasMoreResults) { ResponseMessage response = await feedIterator.ReadNextAsync(); Assert.IsTrue(response.IsSuccessStatusCode); Assert.IsNull(response.ErrorMessage); // Copy the stream and check that the first byte is the correct value MemoryStream memoryStream = new MemoryStream(); response.Content.CopyTo(memoryStream); byte[] content = memoryStream.ToArray(); response.Content.Position = 0; // Examine the first buffer byte to determine the serialization format byte firstByte = content[0]; Assert.AreEqual(128, firstByte); Assert.AreEqual(JsonSerializationFormat.Binary, (JsonSerializationFormat)firstByte); IJsonReader reader = JsonReader.Create(content); IJsonWriter textWriter = JsonWriter.Create(JsonSerializationFormat.Text); textWriter.WriteAll(reader); string json = Encoding.UTF8.GetString(textWriter.GetResult().ToArray()); Assert.IsNotNull(json); Assert.IsTrue(json.Contains(testDoc.Sensitive)); } }
private static async Task <ItemResponse <TestDoc> > UpsertItemAsync( ContainerCore containerCore, TestDoc testDoc, string dekId, List <string> pathsToEncrypt, HttpStatusCode expectedStatusCode) { ItemResponse <TestDoc> upsertResponse = await containerCore.UpsertItemAsync( testDoc, new PartitionKey(testDoc.PK), EncryptionTests.GetRequestOptions(containerCore, dekId, pathsToEncrypt)); Assert.AreEqual(expectedStatusCode, upsertResponse.StatusCode); Assert.AreEqual(testDoc, upsertResponse.Resource); return(upsertResponse); }
public async Task DecryptQueryValueResponse() { TestDoc testDoc = await EncryptionTests.CreateItemAsync(EncryptionTests.containerCore, EncryptionTests.dekId, TestDoc.PathsToEncrypt); string query = "SELECT VALUE COUNT(1) FROM c"; FeedIterator feedIterator = EncryptionTests.containerCore.GetItemQueryStreamIterator(query); while (feedIterator.HasMoreResults) { ResponseMessage response = await feedIterator.ReadNextAsync(); Assert.IsTrue(response.IsSuccessStatusCode); Assert.IsNull(response.ErrorMessage); } }
private static async Task <ItemResponse <TestDoc> > ReplaceItemAsync( ContainerCore containerCore, TestDoc testDoc, string dekId, List <string> pathsToEncrypt, string etag = null) { ItemResponse <TestDoc> replaceResponse = await containerCore.ReplaceItemAsync( testDoc, testDoc.Id, new PartitionKey(testDoc.PK), EncryptionTests.GetRequestOptions(containerCore, dekId, pathsToEncrypt, etag)); Assert.AreEqual(HttpStatusCode.OK, replaceResponse.StatusCode); Assert.AreEqual(testDoc, replaceResponse.Resource); return(replaceResponse); }
public static async Task ClassInitialize(TestContext context) { EncryptionTests.dekProvider = new CosmosDataEncryptionKeyProvider(new TestKeyWrapProvider()); EncryptionTests.encryptor = new TestEncryptor(EncryptionTests.dekProvider); EncryptionTests.client = EncryptionTests.GetClient(); EncryptionTests.databaseCore = (DatabaseInlineCore)await EncryptionTests.client.CreateDatabaseAsync(Guid.NewGuid().ToString()); EncryptionTests.keyContainer = await EncryptionTests.databaseCore.CreateContainerAsync(Guid.NewGuid().ToString(), "/id", 400); await EncryptionTests.dekProvider.InitializeAsync(EncryptionTests.databaseCore, EncryptionTests.keyContainer.Id); EncryptionTests.itemContainer = await EncryptionTests.databaseCore.CreateContainerAsync(Guid.NewGuid().ToString(), "/PK", 400); EncryptionTests.itemContainerCore = (ContainerInlineCore)EncryptionTests.itemContainer; EncryptionTests.dekProperties = await EncryptionTests.CreateDekAsync(EncryptionTests.dekProvider, EncryptionTests.dekId); }
public async Task EncryptionRudItem() { TestDoc testDoc = await EncryptionTests.UpsertItemAsync( EncryptionTests.containerCore, TestDoc.Create(), EncryptionTests.dekId, TestDoc.PathsToEncrypt, HttpStatusCode.Created); await EncryptionTests.VerifyItemByReadAsync(EncryptionTests.containerCore, testDoc); testDoc.NonSensitive = Guid.NewGuid().ToString(); testDoc.Sensitive = Guid.NewGuid().ToString(); ItemResponse <TestDoc> upsertResponse = await EncryptionTests.UpsertItemAsync( EncryptionTests.containerCore, testDoc, EncryptionTests.dekId, TestDoc.PathsToEncrypt, HttpStatusCode.OK); TestDoc updatedDoc = upsertResponse.Resource; await EncryptionTests.VerifyItemByReadAsync(EncryptionTests.containerCore, updatedDoc); updatedDoc.NonSensitive = Guid.NewGuid().ToString(); updatedDoc.Sensitive = Guid.NewGuid().ToString(); TestDoc replacedDoc = await EncryptionTests.ReplaceItemAsync( EncryptionTests.containerCore, updatedDoc, EncryptionTests.dekId, TestDoc.PathsToEncrypt, upsertResponse.ETag); await EncryptionTests.VerifyItemByReadAsync(EncryptionTests.containerCore, replacedDoc); await EncryptionTests.DeleteItemAsync(EncryptionTests.containerCore, replacedDoc); }
public async Task EncryptionCreateDek() { string dekId = "anotherDek"; DataEncryptionKeyProperties dekProperties = await EncryptionTests.CreateDekAsync(EncryptionTests.databaseCore, dekId); Assert.IsNotNull(dekProperties); Assert.IsNotNull(dekProperties.CreatedTime); Assert.IsNotNull(dekProperties.LastModified); Assert.IsNotNull(dekProperties.SelfLink); Assert.IsNotNull(dekProperties.ResourceId); // Assert.AreEqual(dekProperties.LastModified, dekProperties.CreatedTime); Assert.AreEqual( new EncryptionKeyWrapMetadata(EncryptionTests.metadata1.Value + EncryptionTests.metadataUpdateSuffix), dekProperties.EncryptionKeyWrapMetadata); // Use a different client instance to avoid (unintentional) cache impact using (CosmosClient client = EncryptionTests.GetClient()) { DataEncryptionKeyProperties readProperties = await((DatabaseCore)(DatabaseInlineCore)client.GetDatabase(EncryptionTests.databaseCore.Id)).GetDataEncryptionKey(dekId).ReadAsync(); Assert.AreEqual(dekProperties, readProperties); } }
public async Task EncryptionRestrictedProperties() { TestDoc testDoc = TestDoc.Create(); try { await EncryptionTests.CreateItemAsync(EncryptionTests.containerCore, EncryptionTests.dekId, new List <string>() { "/id" }); Assert.Fail("Expected item creation with id specified to be encrypted to fail."); } catch (CosmosException ex) when(ex.StatusCode == HttpStatusCode.BadRequest) { } try { await EncryptionTests.CreateItemAsync(EncryptionTests.containerCore, EncryptionTests.dekId, new List <string>() { "/PK" }); Assert.Fail("Expected item creation with PK specified to be encrypted to fail."); } catch (CosmosException ex) when(ex.StatusCode == HttpStatusCode.BadRequest) { } }
public async Task EncryptionCreateDek() { string dekId = "anotherDek"; DataEncryptionKeyProperties dekProperties = await EncryptionTests.CreateDekAsync(EncryptionTests.dekProvider, dekId); Assert.IsNotNull(dekProperties); Assert.IsNotNull(dekProperties.CreatedTime); Assert.IsNotNull(dekProperties.LastModified); Assert.IsNotNull(dekProperties.SelfLink); // Assert.IsNotNull(dekProperties.ResourceId); // Assert.AreEqual(dekProperties.LastModified, dekProperties.CreatedTime); Assert.AreEqual( new EncryptionKeyWrapMetadata(EncryptionTests.metadata1.Value + EncryptionTests.metadataUpdateSuffix), dekProperties.EncryptionKeyWrapMetadata); // Use different DEK provider to avoid (unintentional) cache impact CosmosDataEncryptionKeyProvider dekProvider = new CosmosDataEncryptionKeyProvider(new TestKeyWrapProvider()); await dekProvider.InitializeAsync(EncryptionTests.databaseCore, EncryptionTests.keyContainer.Id); DataEncryptionKeyProperties readProperties = await dekProvider.DataEncryptionKeyContainer.ReadDataEncryptionKeyAsync(dekId); Assert.AreEqual(dekProperties, readProperties); }
public async Task EncryptionDekReadFeed() { DatabaseCore databaseCore = null; try { databaseCore = (DatabaseInlineCore)await EncryptionTests.client.CreateDatabaseAsync(Guid.NewGuid().ToString()); ContainerCore containerCore = (ContainerInlineCore)await EncryptionTests.databaseCore.CreateContainerAsync(Guid.NewGuid().ToString(), "/PK", 400); string contosoV1 = "Contoso_v001"; string contosoV2 = "Contoso_v002"; string fabrikamV1 = "Fabrikam_v001"; string fabrikamV2 = "Fabrikam_v002"; await EncryptionTests.CreateDekAsync(databaseCore, contosoV1); await EncryptionTests.CreateDekAsync(databaseCore, contosoV2); await EncryptionTests.CreateDekAsync(databaseCore, fabrikamV1); await EncryptionTests.CreateDekAsync(databaseCore, fabrikamV2); // Test getting all keys await EncryptionTests.IterateDekFeedAsync( databaseCore, new List <string> { contosoV1, contosoV2, fabrikamV1, fabrikamV2 }, isExpectedDeksCompleteSetForRequest : true, isResultOrderExpected : false); // Test getting specific subset of keys await EncryptionTests.IterateDekFeedAsync( databaseCore, new List <string> { contosoV2 }, isExpectedDeksCompleteSetForRequest : false, isResultOrderExpected : true, startId : "Contoso_v000", endId : "Contoso_v999", isDescending : true, itemCountInPage : 1); // Ensure only required results are returned (ascending) await EncryptionTests.IterateDekFeedAsync( databaseCore, new List <string> { contosoV1, contosoV2 }, isExpectedDeksCompleteSetForRequest : true, isResultOrderExpected : true, startId : "Contoso_v000", endId : "Contoso_v999", isDescending : false); // Test startId inclusive and endId inclusive (ascending) await EncryptionTests.IterateDekFeedAsync( databaseCore, new List <string> { contosoV1, contosoV2 }, isExpectedDeksCompleteSetForRequest : true, isResultOrderExpected : true, startId : "Contoso_v001", endId : "Contoso_v002", isDescending : false); // Ensure only required results are returned (descending) await EncryptionTests.IterateDekFeedAsync( databaseCore, new List <string> { contosoV2, contosoV1 }, isExpectedDeksCompleteSetForRequest : true, isResultOrderExpected : true, startId : "Contoso_v000", endId : "Contoso_v999", isDescending : true); // Test startId inclusive and endId inclusive (descending) await EncryptionTests.IterateDekFeedAsync( databaseCore, new List <string> { contosoV2, contosoV1 }, isExpectedDeksCompleteSetForRequest : true, isResultOrderExpected : true, startId : "Contoso_v001", endId : "Contoso_v002", isDescending : true); // Test pagination await EncryptionTests.IterateDekFeedAsync( databaseCore, new List <string> { contosoV1, contosoV2, fabrikamV1, fabrikamV2 }, isExpectedDeksCompleteSetForRequest : true, isResultOrderExpected : false, itemCountInPage : 3); } finally { if (databaseCore != null) { await databaseCore.DeleteStreamAsync(); } } }
public async Task EncryptionTransactionBatchCrud() { string partitionKey = "thePK"; string dek1 = EncryptionTests.dekId; string dek2 = "dek2Forbatch"; await EncryptionTests.CreateDekAsync(EncryptionTests.dekProvider, dek2); TestDoc doc1ToCreate = TestDoc.Create(partitionKey); TestDoc doc2ToCreate = TestDoc.Create(partitionKey); TestDoc doc3ToCreate = TestDoc.Create(partitionKey); ItemResponse <TestDoc> doc1ToReplaceCreateResponse = await EncryptionTests.CreateItemAsync(EncryptionTests.itemContainerCore, dek1, TestDoc.PathsToEncrypt, partitionKey); TestDoc doc1ToReplace = doc1ToReplaceCreateResponse.Resource; doc1ToReplace.NonSensitive = Guid.NewGuid().ToString(); doc1ToReplace.Sensitive = Guid.NewGuid().ToString(); TestDoc doc2ToReplace = await EncryptionTests.CreateItemAsync(EncryptionTests.itemContainerCore, dek2, TestDoc.PathsToEncrypt, partitionKey); doc2ToReplace.NonSensitive = Guid.NewGuid().ToString(); doc2ToReplace.Sensitive = Guid.NewGuid().ToString(); TestDoc doc1ToUpsert = await EncryptionTests.CreateItemAsync(EncryptionTests.itemContainerCore, dek2, TestDoc.PathsToEncrypt, partitionKey); doc1ToUpsert.NonSensitive = Guid.NewGuid().ToString(); doc1ToUpsert.Sensitive = Guid.NewGuid().ToString(); TestDoc doc2ToUpsert = await EncryptionTests.CreateItemAsync(EncryptionTests.itemContainerCore, dek1, TestDoc.PathsToEncrypt, partitionKey); doc2ToUpsert.NonSensitive = Guid.NewGuid().ToString(); doc2ToUpsert.Sensitive = Guid.NewGuid().ToString(); TestDoc docToDelete = await EncryptionTests.CreateItemAsync(EncryptionTests.itemContainerCore, dek1, TestDoc.PathsToEncrypt, partitionKey); TransactionalBatchResponse batchResponse = await EncryptionTests.itemContainer.CreateTransactionalBatch(new Cosmos.PartitionKey(partitionKey)) .CreateItem(doc1ToCreate, EncryptionTests.GetBatchItemRequestOptions(EncryptionTests.itemContainerCore, dek1, TestDoc.PathsToEncrypt)) .CreateItemStream(doc2ToCreate.ToStream(), EncryptionTests.GetBatchItemRequestOptions(EncryptionTests.itemContainerCore, dek2, TestDoc.PathsToEncrypt)) .ReplaceItem(doc1ToReplace.Id, doc1ToReplace, EncryptionTests.GetBatchItemRequestOptions(EncryptionTests.itemContainerCore, dek2, TestDoc.PathsToEncrypt, doc1ToReplaceCreateResponse.ETag)) .CreateItem(doc3ToCreate) .ReplaceItemStream(doc2ToReplace.Id, doc2ToReplace.ToStream(), EncryptionTests.GetBatchItemRequestOptions(EncryptionTests.itemContainerCore, dek2, TestDoc.PathsToEncrypt)) .UpsertItem(doc1ToUpsert, EncryptionTests.GetBatchItemRequestOptions(EncryptionTests.itemContainerCore, dek1, TestDoc.PathsToEncrypt)) .DeleteItem(docToDelete.Id) .UpsertItemStream(doc2ToUpsert.ToStream(), EncryptionTests.GetBatchItemRequestOptions(EncryptionTests.itemContainerCore, dek2, TestDoc.PathsToEncrypt)) .ExecuteAsync(); Assert.AreEqual(HttpStatusCode.OK, batchResponse.StatusCode); await EncryptionTests.VerifyItemByReadAsync(EncryptionTests.itemContainerCore, doc1ToCreate); await EncryptionTests.VerifyItemByReadAsync(EncryptionTests.itemContainerCore, doc2ToCreate); await EncryptionTests.VerifyItemByReadAsync(EncryptionTests.itemContainerCore, doc3ToCreate); await EncryptionTests.VerifyItemByReadAsync(EncryptionTests.itemContainerCore, doc1ToReplace); await EncryptionTests.VerifyItemByReadAsync(EncryptionTests.itemContainerCore, doc2ToReplace); await EncryptionTests.VerifyItemByReadAsync(EncryptionTests.itemContainerCore, doc1ToUpsert); await EncryptionTests.VerifyItemByReadAsync(EncryptionTests.itemContainerCore, doc2ToUpsert); ResponseMessage readResponseMessage = await EncryptionTests.itemContainer.ReadItemStreamAsync(docToDelete.Id, new PartitionKey(docToDelete.PK)); Assert.AreEqual(HttpStatusCode.NotFound, readResponseMessage.StatusCode); }
public async Task EncryptionDekReadFeed() { Container newKeyContainer = await EncryptionTests.databaseCore.CreateContainerAsync(Guid.NewGuid().ToString(), "/id", 400); try { CosmosDataEncryptionKeyProvider dekProvider = new CosmosDataEncryptionKeyProvider(new TestKeyWrapProvider()); await dekProvider.InitializeAsync(EncryptionTests.databaseCore, newKeyContainer.Id); string contosoV1 = "Contoso_v001"; string contosoV2 = "Contoso_v002"; string fabrikamV1 = "Fabrikam_v001"; string fabrikamV2 = "Fabrikam_v002"; await EncryptionTests.CreateDekAsync(dekProvider, contosoV1); await EncryptionTests.CreateDekAsync(dekProvider, contosoV2); await EncryptionTests.CreateDekAsync(dekProvider, fabrikamV1); await EncryptionTests.CreateDekAsync(dekProvider, fabrikamV2); // Test getting all keys await EncryptionTests.IterateDekFeedAsync( dekProvider, new List <string> { contosoV1, contosoV2, fabrikamV1, fabrikamV2 }, isExpectedDeksCompleteSetForRequest : true, isResultOrderExpected : false, "SELECT * from c"); // Test getting specific subset of keys await EncryptionTests.IterateDekFeedAsync( dekProvider, new List <string> { contosoV2 }, isExpectedDeksCompleteSetForRequest : false, isResultOrderExpected : true, "SELECT TOP 1 * from c where c.id >= 'Contoso_v000' and c.id <= 'Contoso_v999' ORDER BY c.id DESC"); // Ensure only required results are returned await EncryptionTests.IterateDekFeedAsync( dekProvider, new List <string> { contosoV1, contosoV2 }, isExpectedDeksCompleteSetForRequest : true, isResultOrderExpected : true, "SELECT * from c where c.id >= 'Contoso_v000' and c.id <= 'Contoso_v999' ORDER BY c.id ASC"); // Test pagination await EncryptionTests.IterateDekFeedAsync( dekProvider, new List <string> { contosoV1, contosoV2, fabrikamV1, fabrikamV2 }, isExpectedDeksCompleteSetForRequest : true, isResultOrderExpected : false, "SELECT * from c", itemCountInPage : 3); } finally { await newKeyContainer.DeleteContainerStreamAsync(); } }