Enable Always Encrypted enclave connection parameters (#919)

* Enable the enclave connection parameters.

* Update the switch statement to use the enum constants for EnclaveAttestationProtocol

* Update verbiage for Always Encrypted connection options

* Update the argument exception to choose one specific to this connection option

* Add resource logic to resource files.

* Add error checking for when enclave parameters are added and Always Encrypted is set to disabled.

* Add/Update unit tests
Jeff Trimmer
2020-02-18 15:33:12 -08:00
committed by GitHub
parent 7b102df5a7
commit 927b0d73ca
9 changed files with 1875 additions and 1667 deletions


@@ -119,16 +119,36 @@ namespace Microsoft.SqlTools.ServiceLayer.Connection
new ConnectionOption
{
Name = "columnEncryptionSetting",
DisplayName = "Column encryption setting",
Description = "Default column encryption setting for all the commands on the connection",
DisplayName = "Always Encrypted",
Description = "Enables or disables Always Encrypted for the connection",
ValueType = ConnectionOption.ValueTypeCategory,
GroupName = "Security",
CategoryValues = new CategoryValue[] {
new CategoryValue { Name = "Disabled" },
new CategoryValue {Name = "Enabled" }
new CategoryValue { Name = "Enabled" }
}
},
new ConnectionOption
{
Name = "attestationProtocol",
DisplayName = "Attestation Protocol",
Description = "Specifies a protocol for attesting a server-side enclave used with Always Encrypted with secure enclaves",
ValueType = ConnectionOption.ValueTypeCategory,
GroupName = "Security",
CategoryValues = new CategoryValue[] {
new CategoryValue { DisplayName = "Host Guardian Service", Name = "HGS" },
new CategoryValue { DisplayName = "Azure Attestation", Name = "AAS" }
}
},
new ConnectionOption
{
Name = "enclaveAttestationUrl",
DisplayName = "Enclave Attestation URL",
Description = "Specifies an endpoint for attesting a server-side enclave used with Always Encrypted with secure enclaves",
ValueType = ConnectionOption.ValueTypeString,
GroupName = "Security"
},
new ConnectionOption
{
Name = "encrypt",
DisplayName = "Encrypt",
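Review bot: The descriptions of the two new options (`attestationProtocol`, `enclaveAttestationUrl`) do not say that they are only accepted when Always Encrypted is Enabled, although the commit message states that the service now rejects them when it is Disabled. A user who sets the attestation endpoint while leaving the first option at Disabled gets an error with no hint in the option text. I would extend the string, e.g. `Description = "Specifies an endpoint for attesting a server-side enclave used with Always Encrypted with secure enclaves; requires Always Encrypted to be Enabled"`, and do the same for the protocol option. The enclosing option array starts before and continues after this hunk.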


@@ -1156,6 +1156,34 @@ namespace Microsoft.SqlTools.ServiceLayer.Connection
throw new ArgumentException(SR.ConnectionServiceConnStringInvalidColumnEncryptionSetting(connectionDetails.ColumnEncryptionSetting));
}
}
if (!string.IsNullOrEmpty(connectionDetails.EnclaveAttestationProtocol))
{
if (string.IsNullOrEmpty(connectionDetails.ColumnEncryptionSetting) || connectionDetails.ColumnEncryptionSetting.ToUpper() == "DISABLED")
{
throw new ArgumentException(SR.ConnectionServiceConnStringInvalidAlwaysEncryptedOptionCombination());
}
switch (connectionDetails.EnclaveAttestationProtocol.ToUpper())
{
case "AAS":
connectionBuilder.AttestationProtocol = SqlConnectionAttestationProtocol.AAS;
break;
case "HGS":
connectionBuilder.AttestationProtocol = SqlConnectionAttestationProtocol.HGS;
break;
default:
throw new ArgumentException(SR.ConnectionServiceConnStringInvalidEnclaveAttestationProtocol(connectionDetails.EnclaveAttestationProtocol));
}
}
if (!string.IsNullOrEmpty(connectionDetails.EnclaveAttestationUrl))
{
if (string.IsNullOrEmpty(connectionDetails.ColumnEncryptionSetting) || connectionDetails.ColumnEncryptionSetting.ToUpper() == "DISABLED")
{
throw new ArgumentException(SR.ConnectionServiceConnStringInvalidAlwaysEncryptedOptionCombination());
}
connectionBuilder.EnclaveAttestationUrl = connectionDetails.EnclaveAttestationUrl;
}
if (connectionDetails.Encrypt.HasValue)
{
connectionBuilder.Encrypt = connectionDetails.Encrypt.Value;
@@ -1328,6 +1356,8 @@ namespace Microsoft.SqlTools.ServiceLayer.Connection
CurrentLanguage = builder.CurrentLanguage,
DatabaseName = builder.InitialCatalog,
ColumnEncryptionSetting = builder.ColumnEncryptionSetting.ToString(),
EnclaveAttestationProtocol = builder.AttestationProtocol.ToString(),
EnclaveAttestationUrl = builder.EnclaveAttestationUrl,
Encrypt = builder.Encrypt,
FailoverPartner = builder.FailoverPartner,
LoadBalanceTimeout = builder.LoadBalanceTimeout,
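Review bot: In the second hunk, `EnclaveAttestationProtocol = builder.AttestationProtocol.ToString()` never produces an empty value: when the connection string names no attestation protocol, the enum's default member is stringified (`NotSpecified` in Microsoft.Data.SqlClient). The new validation in the first hunk treats any non-empty value as an enclave request, so it throws the invalid-combination error when column encryption is empty or Disabled and the invalid-protocol error for anything other than `AAS`/`HGS`. If details parsed this way are ever passed back through the builder path, ordinary connections would be rejected; map the default to null, e.g. `EnclaveAttestationProtocol = builder.AttestationProtocol == SqlConnectionAttestationProtocol.NotSpecified ? null : builder.AttestationProtocol.ToString(),`. Separately, both `ToUpper() == "DISABLED"` guards are culture-sensitive (a Turkish culture upper-cases `i` to `İ`), so the Disabled check can be skipped there; `string.Equals(connectionDetails.ColumnEncryptionSetting, "Disabled", StringComparison.OrdinalIgnoreCase)` avoids that. Both enclosing methods start and end outside the hunks.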


@@ -115,6 +115,38 @@ namespace Microsoft.SqlTools.ServiceLayer.Connection.Contracts
}
}
/// <summary>
/// Gets or sets a value for Attestation Protocol.
/// </summary>
public string EnclaveAttestationProtocol
{
get
{
return GetOptionValue<string>("attestationProtocol");
}
set
{
SetOptionValue("attestationProtocol", value);
}
}
/// <summary>
/// Gets or sets the enclave attestation Url to be used with enclave based Always Encrypted.
/// </summary>
public string EnclaveAttestationUrl
{
get
{
return GetOptionValue<string>("enclaveAttestationUrl");
}
set
{
SetOptionValue("enclaveAttestationUrl", value);
}
}
/// <summary>
/// Gets or sets a Boolean value that indicates whether SQL Server uses SSL encryption for all data sent between the client and server if the server has a certificate installed.
/// </summary>
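Review bot: The summary on `EnclaveAttestationProtocol` ("Gets or sets a value for Attestation Protocol.") does not name the accepted values, while the connection-service change in this commit accepts only `HGS` and `AAS` (compared after upper-casing) and throws an ArgumentException for anything else. I would write `/// Gets or sets the enclave attestation protocol ("HGS" or "AAS") used with enclave-based Always Encrypted.` and add a remark on both new properties that a non-empty value is rejected when ColumnEncryptionSetting is empty or Disabled. The enclosing class starts and ends outside this hunk.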


@@ -23,6 +23,8 @@ namespace Microsoft.SqlTools.ServiceLayer.Connection.Contracts
Password = details.Password,
AuthenticationType = details.AuthenticationType,
ColumnEncryptionSetting = details.ColumnEncryptionSetting,
EnclaveAttestationProtocol = details.EnclaveAttestationProtocol,
EnclaveAttestationUrl = details.EnclaveAttestationUrl,
Encrypt = details.Encrypt,
TrustServerCertificate = details.TrustServerCertificate,
PersistSecurityInfo = details.PersistSecurityInfo,