Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adding type in EncryptionKeyWrapMetadata and performing validation on partition key #21407

Merged
merged 7 commits into from
May 19, 2021
Merged

Adding type in EncryptionKeyWrapMetadata and performing validation on partition key #21407

merged 7 commits into from
May 19, 2021

Conversation

simplynaveen20
Copy link
Member

@simplynaveen20 simplynaveen20 commented May 13, 2021
edited
Loading

This PR contains 3 parts

  1. Adding type in EncryptionKeyWrapMetadata constructor and doing validation of store provider name during CEK creation
  2. Validation of partition key to avoid having it as encrypted field
  3. Exposing policyFormatVersion in ClientEncryptionPolicy

closes #20376

@ghost ghost added the Cosmos label May 13, 2021
@simplynaveen20 simplynaveen20 changed the title Adding type in EncryptionKeyWrapMetadata and doing validation on partition key Adding type in EncryptionKeyWrapMetadata and performing validation on partition key May 13, 2021
moderakh
moderakh reviewed May 14, 2021
View reviewed changes
Copy link
Contributor

@moderakh moderakh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@simplynaveen20 in similar scenario, does non Cosmos Exception type reach public surface area in the DotNet SDK?

sdk/cosmos/azure-cosmos/src/main/java/com/azure/cosmos/models/ClientEncryptionPolicy.java
void validatePartitionKeyPathsAreNotEncrypted(List<List<String>> partitionKeyPathTokens) {
checkNotNull(partitionKeyPathTokens, "partitionKeyPathTokens cannot be null");
List<String> propertiesToEncrypt =
this.includedPaths.stream().map(clientEncryptionIncludedPath -> clientEncryptionIncludedPath.getPath().substring(1)).collect(Collectors.toList());
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nice usage of java8 stream API. :-)

...smos-encryption/src/main/java/com/azure/cosmos/encryption/CosmosEncryptionAsyncDatabase.java
@@ -82,6 +82,13 @@ public CosmosAsyncClientEncryptionKey getClientEncryptionKey(String id) {

EncryptionKeyStoreProvider encryptionKeyStoreProvider =
this.cosmosEncryptionAsyncClient.getEncryptionKeyStoreProvider();

if (!encryptionKeyStoreProvider.getProviderName().equals(encryptionKeyWrapMetadata.getType())) {
throw new IllegalArgumentException("The EncryptionKeyWrapMetadata Type value does not match with the " +
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

in similar scenario, does non Cosmos Exception type reach public surface area in the DotNet SDK?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes .NET has ArgumentException as well. To me this is correct and it should be non cosmos as it is validation on argument passed by user.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

how would it work on the async API? do we do validation upfront? or do we return a Mono.of(IllegalArgException)

Copy link
Member Author

@simplynaveen20 simplynaveen20 May 19, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This validation is on async API itself which is doing validation upfront .

@simplynaveen20 simplynaveen20 requested a review from moderakh May 18, 2021 18:28
kushagraThapar
kushagraThapar approved these changes May 18, 2021
View reviewed changes
Copy link
Member

@kushagraThapar kushagraThapar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks @simplynaveen20

moderakh
moderakh approved these changes May 19, 2021
View reviewed changes
Copy link
Contributor

@moderakh moderakh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. except the question on the async API and how validation and throwing IllegalArgException from async api works.

...smos-encryption/src/main/java/com/azure/cosmos/encryption/CosmosEncryptionAsyncDatabase.java
@@ -82,6 +82,13 @@ public CosmosAsyncClientEncryptionKey getClientEncryptionKey(String id) {

EncryptionKeyStoreProvider encryptionKeyStoreProvider =
this.cosmosEncryptionAsyncClient.getEncryptionKeyStoreProvider();

if (!encryptionKeyStoreProvider.getProviderName().equals(encryptionKeyWrapMetadata.getType())) {
throw new IllegalArgumentException("The EncryptionKeyWrapMetadata Type value does not match with the " +
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

how would it work on the async API? do we do validation upfront? or do we return a Mono.of(IllegalArgException)

@simplynaveen20 simplynaveen20 mentioned this pull request May 19, 2021
Closed
@simplynaveen20 simplynaveen20 merged commit 1b7f50d into Azure:master May 19, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kushagraThapar kushagraThapar kushagraThapar approved these changes

@moderakh moderakh moderakh approved these changes

@aayush3011 aayush3011 Awaiting requested review from aayush3011

@FabianMeiswinkel FabianMeiswinkel Awaiting requested review from FabianMeiswinkel

@kirankumarkolli kirankumarkolli Awaiting requested review from kirankumarkolli

@mbhaskar mbhaskar Awaiting requested review from mbhaskar

@milismsft milismsft Awaiting requested review from milismsft

@xinlian12 xinlian12 Awaiting requested review from xinlian12

Assignees
No one assigned
Labels
Cosmos
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Azure Cosmos Client Encryption : Adds support to expose Type in EncryptionKeyWrapMetadata constructor
3 participants
@simplynaveen20 @kushagraThapar @moderakh