/// <summary>
/// Writes two items to the shared item container, each encrypted under a different
/// data encryption key (DEK), and passes both to the multi-document query validator.
/// </summary>
/// <remarks>
/// The first item uses the class-wide <c>EncryptionTests.dekId</c>; the second uses a DEK
/// created here under the id "mydek1". The validator is defined elsewhere; presumably it
/// runs one query and checks that both items come back decrypted (confirm against the helper).
/// </remarks>
public async Task EncryptionDecryptQueryResultDifferentDeks()
{
    // A second DEK, registered through the shared provider, so the two items do not share a key.
    string secondDekId = "mydek1";
    await EncryptionTests.CreateDekAsync(EncryptionTests.dekProvider, secondDekId);

    TestDoc docUnderSharedDek = await EncryptionTests.CreateItemAsync(
        EncryptionTests.itemContainerCore,
        EncryptionTests.dekId,
        TestDoc.PathsToEncrypt);

    TestDoc docUnderSecondDek = await EncryptionTests.CreateItemAsync(
        EncryptionTests.itemContainerCore,
        secondDekId,
        TestDoc.PathsToEncrypt);

    await ValidateQueryResultsMultipleDocumentsAsync(
        EncryptionTests.itemContainerCore,
        docUnderSharedDek,
        docUnderSecondDek);
}
/// <summary>
/// Writes two items to the shared item container, each encrypted under a different
/// data encryption key (DEK), then validates a query that selects exactly those two
/// items by partition key.
/// </summary>
/// <remarks>
/// The first item uses the class-wide <c>EncryptionTests.dekId</c>; the second uses a DEK
/// created here under the id "mydek1". The validator is defined elsewhere; presumably it
/// runs the query and checks that both items come back decrypted (confirm against the helper).
/// </remarks>
public async Task EncryptionDecryptQueryResultDifferentDeks()
{
    // A second DEK, registered through the shared provider, so the two items do not share a key.
    string secondDekId = "mydek1";
    await EncryptionTests.CreateDekAsync(EncryptionTests.dekProvider, secondDekId);

    TestDoc docUnderSharedDek = await EncryptionTests.CreateItemAsync(
        EncryptionTests.itemContainerCore,
        EncryptionTests.dekId,
        TestDoc.PathsToEncrypt);

    TestDoc docUnderSecondDek = await EncryptionTests.CreateItemAsync(
        EncryptionTests.itemContainerCore,
        secondDekId,
        TestDoc.PathsToEncrypt);

    // NOTE(review): the PK values are spliced directly into the query text. That is acceptable
    // only while PK is produced by the test itself (presumably by TestDoc - confirm). Code that
    // receives the value from a caller should bind it as a query parameter
    // (QueryDefinition.WithParameter) rather than build the text.
    string pkFilterQuery = $"SELECT * FROM c WHERE c.PK in ('{docUnderSharedDek.PK}', '{docUnderSecondDek.PK}')";

    await EncryptionTests.ValidateQueryResultsMultipleDocumentsAsync(
        EncryptionTests.itemContainerCore,
        docUnderSharedDek,
        docUnderSecondDek,
        pkFilterQuery);
}
/// <summary>
/// Builds the shared fixture for the encryption tests: a DEK provider and encryptor, a client,
/// a fresh database with one container for keys and one for items, and a first DEK.
/// </summary>
/// <param name="context">Test context supplied by the test framework; not read here.</param>
/// <remarks>
/// The statement order matters: the provider must exist before the encryptor that wraps it,
/// the key container must exist before the provider is initialized against it, and the
/// provider must be initialized before the first DEK is created.
/// NOTE(review): <c>TestKeyWrapProvider</c> and <c>TestEncryptor</c> are presumably test doubles
/// for a real key-wrapping service and encryptor - confirm they are not reachable from product code.
/// </remarks>
public static async Task ClassInitialize(TestContext context)
{
    const int containerThroughput = 400;

    // Key management side: the provider wraps/unwraps DEKs, the encryptor uses it.
    EncryptionTests.dekProvider = new CosmosDataEncryptionKeyProvider(new TestKeyWrapProvider());
    EncryptionTests.encryptor = new TestEncryptor(EncryptionTests.dekProvider);

    // A database with a random name, so runs do not collide with each other.
    EncryptionTests.client = EncryptionTests.GetClient();
    EncryptionTests.databaseCore = (DatabaseInlineCore)await EncryptionTests.client.CreateDatabaseAsync(Guid.NewGuid().ToString());

    // Keys live in their own container (partitioned on /id), apart from the encrypted items.
    EncryptionTests.keyContainer = await EncryptionTests.databaseCore.CreateContainerAsync(
        Guid.NewGuid().ToString(),
        "/id",
        containerThroughput);
    await EncryptionTests.dekProvider.InitializeAsync(
        EncryptionTests.databaseCore,
        EncryptionTests.keyContainer.Id);

    // Items container, partitioned on /PK; the "core" view is what the helpers take.
    EncryptionTests.itemContainer = await EncryptionTests.databaseCore.CreateContainerAsync(
        Guid.NewGuid().ToString(),
        "/PK",
        containerThroughput);
    EncryptionTests.itemContainerCore = (ContainerInlineCore)EncryptionTests.itemContainer;

    // The default DEK that most tests encrypt with.
    EncryptionTests.dekProperties = await EncryptionTests.CreateDekAsync(
        EncryptionTests.dekProvider,
        EncryptionTests.dekId);
}
/// <summary>
/// Creates a DEK named "anotherDek" on the shared database, checks that the returned
/// properties are populated, and confirms that a read through a second client returns
/// the same properties.
/// </summary>
public async Task EncryptionCreateDek()
{
    string newDekId = "anotherDek";
    DataEncryptionKeyProperties createdProperties = await EncryptionTests.CreateDekAsync(
        EncryptionTests.databaseCore,
        newDekId);

    // System-populated fields must be present on the create response.
    Assert.IsNotNull(createdProperties);
    Assert.IsNotNull(createdProperties.CreatedTime);
    Assert.IsNotNull(createdProperties.LastModified);
    Assert.IsNotNull(createdProperties.SelfLink);
    Assert.IsNotNull(createdProperties.ResourceId);

    // NOTE(review): this equality check is disabled in the original; the reason is not recorded.
    // Assert.AreEqual(dekProperties.LastModified, dekProperties.CreatedTime);

    // The stored wrap metadata is expected to carry the update suffix - presumably appended by
    // the test key wrap provider when it wraps the key (confirm against TestKeyWrapProvider).
    EncryptionKeyWrapMetadata expectedWrapMetadata =
        new EncryptionKeyWrapMetadata(EncryptionTests.metadata1.Value + EncryptionTests.metadataUpdateSuffix);
    Assert.AreEqual(expectedWrapMetadata, createdProperties.EncryptionKeyWrapMetadata);

    // Use a different client instance to avoid (unintentional) cache impact
    using (CosmosClient separateClient = EncryptionTests.GetClient())
    {
        var separateDatabase = separateClient.GetDatabase(EncryptionTests.databaseCore.Id);
        DatabaseCore separateDatabaseCore = (DatabaseCore)(DatabaseInlineCore)separateDatabase;

        DataEncryptionKeyProperties readProperties =
            await separateDatabaseCore.GetDataEncryptionKey(newDekId).ReadAsync();
        Assert.AreEqual(createdProperties, readProperties);
    }
}
/// <summary>
/// Creates a DEK named "anotherDek" through the shared DEK provider, checks that the returned
/// properties are populated, and confirms that a read through a second, independently
/// initialized provider returns the same properties.
/// </summary>
public async Task EncryptionCreateDek()
{
    string newDekId = "anotherDek";
    DataEncryptionKeyProperties createdProperties = await EncryptionTests.CreateDekAsync(
        EncryptionTests.dekProvider,
        newDekId);

    // System-populated fields must be present on the create response.
    Assert.IsNotNull(createdProperties);
    Assert.IsNotNull(createdProperties.CreatedTime);
    Assert.IsNotNull(createdProperties.LastModified);
    Assert.IsNotNull(createdProperties.SelfLink);

    // NOTE(review): both checks below are disabled in the original; the reason is not recorded.
    // Assert.IsNotNull(dekProperties.ResourceId);
    // Assert.AreEqual(dekProperties.LastModified, dekProperties.CreatedTime);

    // The stored wrap metadata is expected to carry the update suffix - presumably appended by
    // the test key wrap provider when it wraps the key (confirm against TestKeyWrapProvider).
    EncryptionKeyWrapMetadata expectedWrapMetadata =
        new EncryptionKeyWrapMetadata(EncryptionTests.metadata1.Value + EncryptionTests.metadataUpdateSuffix);
    Assert.AreEqual(expectedWrapMetadata, createdProperties.EncryptionKeyWrapMetadata);

    // Use different DEK provider to avoid (unintentional) cache impact
    CosmosDataEncryptionKeyProvider independentProvider =
        new CosmosDataEncryptionKeyProvider(new TestKeyWrapProvider());
    await independentProvider.InitializeAsync(
        EncryptionTests.databaseCore,
        EncryptionTests.keyContainer.Id);

    DataEncryptionKeyProperties readProperties =
        await independentProvider.DataEncryptionKeyContainer.ReadDataEncryptionKeyAsync(newDekId);
    Assert.AreEqual(createdProperties, readProperties);
}
/// <summary>
/// Creates four DEKs in a dedicated database and walks the DEK feed with different id ranges,
/// sort directions and page sizes, comparing each result with the expected id list.
/// </summary>
/// <remarks>
/// The dedicated database is deleted in the <c>finally</c> block whether or not an assertion fails.
/// </remarks>
public async Task EncryptionDekReadFeed()
{
    DatabaseCore feedDatabase = null;

    try
    {
        feedDatabase = (DatabaseInlineCore)await EncryptionTests.client.CreateDatabaseAsync(Guid.NewGuid().ToString());

        // NOTE(review): this container is created in the shared EncryptionTests.databaseCore, not in
        // feedDatabase, and the local is never read afterwards. It is not removed by the finally
        // block below - confirm whether it is needed at all.
        ContainerCore containerCore = (ContainerInlineCore)await EncryptionTests.databaseCore.CreateContainerAsync(Guid.NewGuid().ToString(), "/PK", 400);

        string contosoKeyV1 = "Contoso_v001";
        string contosoKeyV2 = "Contoso_v002";
        string fabrikamKeyV1 = "Fabrikam_v001";
        string fabrikamKeyV2 = "Fabrikam_v002";

        await EncryptionTests.CreateDekAsync(feedDatabase, contosoKeyV1);
        await EncryptionTests.CreateDekAsync(feedDatabase, contosoKeyV2);
        await EncryptionTests.CreateDekAsync(feedDatabase, fabrikamKeyV1);
        await EncryptionTests.CreateDekAsync(feedDatabase, fabrikamKeyV2);

        // Test getting all keys
        await EncryptionTests.IterateDekFeedAsync(
            feedDatabase,
            new List<string> { contosoKeyV1, contosoKeyV2, fabrikamKeyV1, fabrikamKeyV2 },
            isExpectedDeksCompleteSetForRequest: true,
            isResultOrderExpected: false);

        // Test getting specific subset of keys
        await EncryptionTests.IterateDekFeedAsync(
            feedDatabase,
            new List<string> { contosoKeyV2 },
            isExpectedDeksCompleteSetForRequest: false,
            isResultOrderExpected: true,
            startId: "Contoso_v000",
            endId: "Contoso_v999",
            isDescending: true,
            itemCountInPage: 1);

        // Ensure only required results are returned (ascending)
        await EncryptionTests.IterateDekFeedAsync(
            feedDatabase,
            new List<string> { contosoKeyV1, contosoKeyV2 },
            isExpectedDeksCompleteSetForRequest: true,
            isResultOrderExpected: true,
            startId: "Contoso_v000",
            endId: "Contoso_v999",
            isDescending: false);

        // Test startId inclusive and endId inclusive (ascending)
        await EncryptionTests.IterateDekFeedAsync(
            feedDatabase,
            new List<string> { contosoKeyV1, contosoKeyV2 },
            isExpectedDeksCompleteSetForRequest: true,
            isResultOrderExpected: true,
            startId: "Contoso_v001",
            endId: "Contoso_v002",
            isDescending: false);

        // Ensure only required results are returned (descending)
        await EncryptionTests.IterateDekFeedAsync(
            feedDatabase,
            new List<string> { contosoKeyV2, contosoKeyV1 },
            isExpectedDeksCompleteSetForRequest: true,
            isResultOrderExpected: true,
            startId: "Contoso_v000",
            endId: "Contoso_v999",
            isDescending: true);

        // Test startId inclusive and endId inclusive (descending)
        await EncryptionTests.IterateDekFeedAsync(
            feedDatabase,
            new List<string> { contosoKeyV2, contosoKeyV1 },
            isExpectedDeksCompleteSetForRequest: true,
            isResultOrderExpected: true,
            startId: "Contoso_v001",
            endId: "Contoso_v002",
            isDescending: true);

        // Test pagination
        await EncryptionTests.IterateDekFeedAsync(
            feedDatabase,
            new List<string> { contosoKeyV1, contosoKeyV2, fabrikamKeyV1, fabrikamKeyV2 },
            isExpectedDeksCompleteSetForRequest: true,
            isResultOrderExpected: false,
            itemCountInPage: 3);
    }
    finally
    {
        // Creation happens inside the try, so the reference may still be null here.
        if (feedDatabase != null)
        {
            await feedDatabase.DeleteStreamAsync();
        }
    }
}
/// <summary>
/// Runs one transactional batch that mixes create, replace, upsert and delete operations,
/// in both typed and stream forms and under two different DEKs, then reads every surviving
/// item back and checks that the deleted item is gone.
/// </summary>
/// <remarks>
/// All items share the partition key "thePK", as a transactional batch requires.
/// Only the overall batch status is asserted; per-operation results are not inspected here.
/// </remarks>
public async Task EncryptionTransactionBatchCrud()
{
    string sharedPk = "thePK";
    string defaultDek = EncryptionTests.dekId;
    string batchDek = "dek2Forbatch";
    await EncryptionTests.CreateDekAsync(EncryptionTests.dekProvider, batchDek);

    // Documents that exist only in memory until the batch creates them.
    TestDoc newDocTyped = TestDoc.Create(sharedPk);
    TestDoc newDocStreamed = TestDoc.Create(sharedPk);
    TestDoc newDocPlain = TestDoc.Create(sharedPk);

    // Documents written up front so the batch can replace, upsert or delete them.
    // The create response of the first one is kept for its ETag.
    ItemResponse<TestDoc> replaceTypedCreateResponse = await EncryptionTests.CreateItemAsync(
        EncryptionTests.itemContainerCore, defaultDek, TestDoc.PathsToEncrypt, sharedPk);
    TestDoc replaceTyped = replaceTypedCreateResponse.Resource;
    replaceTyped.NonSensitive = Guid.NewGuid().ToString();
    replaceTyped.Sensitive = Guid.NewGuid().ToString();

    TestDoc replaceStreamed = await EncryptionTests.CreateItemAsync(
        EncryptionTests.itemContainerCore, batchDek, TestDoc.PathsToEncrypt, sharedPk);
    replaceStreamed.NonSensitive = Guid.NewGuid().ToString();
    replaceStreamed.Sensitive = Guid.NewGuid().ToString();

    TestDoc upsertTyped = await EncryptionTests.CreateItemAsync(
        EncryptionTests.itemContainerCore, batchDek, TestDoc.PathsToEncrypt, sharedPk);
    upsertTyped.NonSensitive = Guid.NewGuid().ToString();
    upsertTyped.Sensitive = Guid.NewGuid().ToString();

    TestDoc upsertStreamed = await EncryptionTests.CreateItemAsync(
        EncryptionTests.itemContainerCore, defaultDek, TestDoc.PathsToEncrypt, sharedPk);
    upsertStreamed.NonSensitive = Guid.NewGuid().ToString();
    upsertStreamed.Sensitive = Guid.NewGuid().ToString();

    TestDoc doomedDoc = await EncryptionTests.CreateItemAsync(
        EncryptionTests.itemContainerCore, defaultDek, TestDoc.PathsToEncrypt, sharedPk);

    // Several operations name a DEK different from the one the item was first written with
    // (for example the typed replace: created under defaultDek, replaced under batchDek).
    // newDocPlain is created with no request options at all, so no encryption options are
    // attached to it - presumably deliberate, to cover an unencrypted item in the same batch.
    TransactionalBatchResponse batchResponse = await EncryptionTests.itemContainer
        .CreateTransactionalBatch(new Cosmos.PartitionKey(sharedPk))
        .CreateItem(
            newDocTyped,
            EncryptionTests.GetBatchItemRequestOptions(EncryptionTests.itemContainerCore, defaultDek, TestDoc.PathsToEncrypt))
        .CreateItemStream(
            newDocStreamed.ToStream(),
            EncryptionTests.GetBatchItemRequestOptions(EncryptionTests.itemContainerCore, batchDek, TestDoc.PathsToEncrypt))
        .ReplaceItem(
            replaceTyped.Id,
            replaceTyped,
            EncryptionTests.GetBatchItemRequestOptions(EncryptionTests.itemContainerCore, batchDek, TestDoc.PathsToEncrypt, replaceTypedCreateResponse.ETag))
        .CreateItem(newDocPlain)
        .ReplaceItemStream(
            replaceStreamed.Id,
            replaceStreamed.ToStream(),
            EncryptionTests.GetBatchItemRequestOptions(EncryptionTests.itemContainerCore, batchDek, TestDoc.PathsToEncrypt))
        .UpsertItem(
            upsertTyped,
            EncryptionTests.GetBatchItemRequestOptions(EncryptionTests.itemContainerCore, defaultDek, TestDoc.PathsToEncrypt))
        .DeleteItem(doomedDoc.Id)
        .UpsertItemStream(
            upsertStreamed.ToStream(),
            EncryptionTests.GetBatchItemRequestOptions(EncryptionTests.itemContainerCore, batchDek, TestDoc.PathsToEncrypt))
        .ExecuteAsync();

    Assert.AreEqual(HttpStatusCode.OK, batchResponse.StatusCode);

    // Read back every item the batch should have left behind, in the original order.
    TestDoc[] survivors =
    {
        newDocTyped,
        newDocStreamed,
        newDocPlain,
        replaceTyped,
        replaceStreamed,
        upsertTyped,
        upsertStreamed,
    };
    foreach (TestDoc expectedDoc in survivors)
    {
        await EncryptionTests.VerifyItemByReadAsync(EncryptionTests.itemContainerCore, expectedDoc);
    }

    // The deleted item must no longer be readable.
    ResponseMessage deletedReadResponse = await EncryptionTests.itemContainer.ReadItemStreamAsync(
        doomedDoc.Id,
        new PartitionKey(doomedDoc.PK));
    Assert.AreEqual(HttpStatusCode.NotFound, deletedReadResponse.StatusCode);
}
/// <summary>
/// Creates four DEKs in a dedicated key container and queries the DEK feed with different
/// filters, sort orders and page sizes, comparing each result with the expected id list.
/// </summary>
/// <remarks>
/// The key container is created in the shared database and deleted in the <c>finally</c> block.
/// A separate DEK provider is initialized against it, so the class-wide key container is not touched.
/// The query texts are fixed literals; no external value is spliced into them.
/// </remarks>
public async Task EncryptionDekReadFeed()
{
    Container newKeyContainer = await EncryptionTests.databaseCore.CreateContainerAsync(
        Guid.NewGuid().ToString(),
        "/id",
        400);

    try
    {
        CosmosDataEncryptionKeyProvider feedProvider =
            new CosmosDataEncryptionKeyProvider(new TestKeyWrapProvider());
        await feedProvider.InitializeAsync(EncryptionTests.databaseCore, newKeyContainer.Id);

        string contosoKeyV1 = "Contoso_v001";
        string contosoKeyV2 = "Contoso_v002";
        string fabrikamKeyV1 = "Fabrikam_v001";
        string fabrikamKeyV2 = "Fabrikam_v002";

        await EncryptionTests.CreateDekAsync(feedProvider, contosoKeyV1);
        await EncryptionTests.CreateDekAsync(feedProvider, contosoKeyV2);
        await EncryptionTests.CreateDekAsync(feedProvider, fabrikamKeyV1);
        await EncryptionTests.CreateDekAsync(feedProvider, fabrikamKeyV2);

        string selectAll = "SELECT * from c";

        // Test getting all keys
        await EncryptionTests.IterateDekFeedAsync(
            feedProvider,
            new List<string> { contosoKeyV1, contosoKeyV2, fabrikamKeyV1, fabrikamKeyV2 },
            isExpectedDeksCompleteSetForRequest: true,
            isResultOrderExpected: false,
            selectAll);

        // Test getting specific subset of keys
        await EncryptionTests.IterateDekFeedAsync(
            feedProvider,
            new List<string> { contosoKeyV2 },
            isExpectedDeksCompleteSetForRequest: false,
            isResultOrderExpected: true,
            "SELECT TOP 1 * from c where c.id >= 'Contoso_v000' and c.id <= 'Contoso_v999' ORDER BY c.id DESC");

        // Ensure only required results are returned
        await EncryptionTests.IterateDekFeedAsync(
            feedProvider,
            new List<string> { contosoKeyV1, contosoKeyV2 },
            isExpectedDeksCompleteSetForRequest: true,
            isResultOrderExpected: true,
            "SELECT * from c where c.id >= 'Contoso_v000' and c.id <= 'Contoso_v999' ORDER BY c.id ASC");

        // Test pagination
        await EncryptionTests.IterateDekFeedAsync(
            feedProvider,
            new List<string> { contosoKeyV1, contosoKeyV2, fabrikamKeyV1, fabrikamKeyV2 },
            isExpectedDeksCompleteSetForRequest: true,
            isResultOrderExpected: false,
            selectAll,
            itemCountInPage: 3);
    }
    finally
    {
        // Remove the container holding the wrapped test keys even when an assertion fails.
        await newKeyContainer.DeleteContainerStreamAsync();
    }
}