ckaczor/sqltoolsservice
1
0
Fork 0
mirror of https://github.com/ckaczor/sqltoolsservice.git synced 2026-02-14 03:58:35 -05:00
Code Issues Packages Projects Releases Wiki Activity

Improve secure enclaves error handling (#1880)

Browse Source
This commit is contained in:
Cheena Malhotra
2023-02-28 13:31:40 -08:00
committed by GitHub
parent 7941e871d9
commit c83f380b8e
10 changed files with 172 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
src/Microsoft.SqlTools.ServiceLayer/Connection/ConnectionService.cs
View File

@@ -1349,9 +1349,24 @@ namespace Microsoft.SqlTools.ServiceLayer.Connection
throw new ArgumentException(SR.ConnectionServiceConnStringInvalidColumnEncryptionSetting(connectionDetails.ColumnEncryptionSetting));
}
}
if (!string.IsNullOrEmpty(connectionDetails.SecureEnclaves))
{
// Secure Enclaves is not mapped to SqlConnection, it's only used for throwing validation errors
// when Enclave Attestation Protocol is missing.
switch (connectionDetails.SecureEnclaves.ToUpper())
{
case "ENABLED":
break;
case "DISABLED":
break;
default:
throw new ArgumentException(SR.ConnectionServiceConnStringInvalidSecureEnclaves(connectionDetails.SecureEnclaves));
}
}
if (!string.IsNullOrEmpty(connectionDetails.EnclaveAttestationProtocol))
{
if (string.IsNullOrEmpty(connectionDetails.ColumnEncryptionSetting) || connectionDetails.ColumnEncryptionSetting.ToUpper() == "DISABLED")
if (string.IsNullOrEmpty(connectionDetails.ColumnEncryptionSetting) || connectionDetails.ColumnEncryptionSetting.ToUpper() == "DISABLED"
|| string.IsNullOrEmpty(connectionDetails.SecureEnclaves) || connectionDetails.SecureEnclaves.ToUpper() == "DISABLED")
{
throw new ArgumentException(SR.ConnectionServiceConnStringInvalidAlwaysEncryptedOptionCombination);
}
@@ -1364,7 +1379,7 @@ namespace Microsoft.SqlTools.ServiceLayer.Connection
case "HGS":
connectionBuilder.AttestationProtocol = SqlConnectionAttestationProtocol.HGS;
break;
case "None":
case "NONE":
connectionBuilder.AttestationProtocol = SqlConnectionAttestationProtocol.None;
break;
default:
@@ -1373,13 +1388,24 @@ namespace Microsoft.SqlTools.ServiceLayer.Connection
}
if (!string.IsNullOrEmpty(connectionDetails.EnclaveAttestationUrl))
{
if (string.IsNullOrEmpty(connectionDetails.ColumnEncryptionSetting) || connectionDetails.ColumnEncryptionSetting.ToUpper() == "DISABLED")
if (string.IsNullOrEmpty(connectionDetails.ColumnEncryptionSetting) || connectionDetails.ColumnEncryptionSetting.ToUpper() == "DISABLED"
|| string.IsNullOrEmpty(connectionDetails.SecureEnclaves) || connectionDetails.SecureEnclaves.ToUpper() == "DISABLED")
{
throw new ArgumentException(SR.ConnectionServiceConnStringInvalidAlwaysEncryptedOptionCombination);
}
if(connectionBuilder.AttestationProtocol == SqlConnectionAttestationProtocol.None)
{
throw new ArgumentException(SR.ConnectionServiceConnStringInvalidAttestationProtocolNoneWithUrl);
}
connectionBuilder.EnclaveAttestationUrl = connectionDetails.EnclaveAttestationUrl;
}
else if (connectionBuilder.AttestationProtocol == SqlConnectionAttestationProtocol.AAS
|| connectionBuilder.AttestationProtocol == SqlConnectionAttestationProtocol.HGS)
{
throw new ArgumentException(SR.ConnectionServiceConnStringMissingAttestationUrlWithAttestationProtocol);
}
if (!string.IsNullOrEmpty(connectionDetails.Encrypt))
{

17
src/Microsoft.SqlTools.ServiceLayer/Connection/Contracts/ConnectionDetails.cs
View File

@@ -116,6 +116,22 @@ namespace Microsoft.SqlTools.ServiceLayer.Connection.Contracts
}
}
/// <summary>
/// Gets or sets a value that specifies that Always Encrypted with Secure Enclaves is enabled in a connection.
/// </summary>
public string SecureEnclaves
{
get
{
return GetOptionValue<string>("secureEnclaves");
}
set
{
SetOptionValue("secureEnclaves", value);
}
}
/// <summary>
/// Gets or sets a value for Attestation Protocol.
/// </summary>
@@ -622,6 +638,7 @@ namespace Microsoft.SqlTools.ServiceLayer.Connection.Contracts
&& string.Equals(AuthenticationType, other.AuthenticationType, System.StringComparison.InvariantCultureIgnoreCase)
&& string.Equals(AzureAccountToken, other.AzureAccountToken, System.StringComparison.InvariantCultureIgnoreCase)
&& string.Equals(ColumnEncryptionSetting, other.ColumnEncryptionSetting, System.StringComparison.InvariantCultureIgnoreCase)
&& string.Equals(SecureEnclaves, other.SecureEnclaves, System.StringComparison.InvariantCultureIgnoreCase)
&& string.Equals(ConnectionString, other.ConnectionString, System.StringComparison.InvariantCultureIgnoreCase)
&& ConnectRetryCount == other.ConnectRetryCount
&& ConnectRetryInterval == other.ConnectRetryInterval

1
src/Microsoft.SqlTools.ServiceLayer/Connection/Contracts/ConnectionDetailsExtensions.cs
View File

@@ -25,6 +25,7 @@ namespace Microsoft.SqlTools.ServiceLayer.Connection.Contracts
Password = details.Password,
AuthenticationType = details.AuthenticationType,
ColumnEncryptionSetting = details.ColumnEncryptionSetting,
SecureEnclaves = details.SecureEnclaves,
EnclaveAttestationProtocol = details.EnclaveAttestationProtocol,
EnclaveAttestationUrl = details.EnclaveAttestationUrl,
Encrypt = details.Encrypt,

30
src/Microsoft.SqlTools.ServiceLayer/Localization/sr.cs
View File

@@ -45,6 +45,14 @@ namespace Microsoft.SqlTools.ServiceLayer
}
}
public static string ConnectionServiceConnStringMissingAttestationUrlWithAttestationProtocol
{
get
{
return Keys.GetString(Keys.ConnectionServiceConnStringMissingAttestationUrlWithAttestationProtocol);
}
}
public static string ConnectionServiceConnStringInvalidAlwaysEncryptedOptionCombination
{
get
@@ -53,6 +61,14 @@ namespace Microsoft.SqlTools.ServiceLayer
}
}
public static string ConnectionServiceConnStringInvalidAttestationProtocolNoneWithUrl
{
get
{
return Keys.GetString(Keys.ConnectionServiceConnStringInvalidAttestationProtocolNoneWithUrl);
}
}
public static string ConnectionServiceConnectionCanceled
{
get
@@ -9713,6 +9729,11 @@ namespace Microsoft.SqlTools.ServiceLayer
return Keys.GetString(Keys.ConnectionServiceConnStringInvalidColumnEncryptionSetting, columnEncryptionSetting);
}
public static string ConnectionServiceConnStringInvalidSecureEnclaves(string secureEnclaves)
{
return Keys.GetString(Keys.ConnectionServiceConnStringInvalidSecureEnclaves, secureEnclaves);
}
public static string ConnectionServiceConnStringInvalidEncryptOption(string encrypt)
{
return Keys.GetString(Keys.ConnectionServiceConnStringInvalidEncryptOption, encrypt);
@@ -10139,15 +10160,24 @@ namespace Microsoft.SqlTools.ServiceLayer
public const string ConnectionServiceConnStringInvalidColumnEncryptionSetting = "ConnectionServiceConnStringInvalidColumnEncryptionSetting";
public const string ConnectionServiceConnStringInvalidSecureEnclaves = "ConnectionServiceConnStringInvalidSecureEnclaves";
public const string ConnectionServiceConnStringInvalidEncryptOption = "ConnectionServiceConnStringInvalidEncryptOption";
public const string ConnectionServiceConnStringInvalidEnclaveAttestationProtocol = "ConnectionServiceConnStringInvalidEnclaveAttestationProtocol";
public const string ConnectionServiceConnStringMissingAttestationUrlWithAttestationProtocol = "ConnectionServiceConnStringMissingAttestationUrlWithAttestationProtocol";
public const string ConnectionServiceConnStringInvalidAlwaysEncryptedOptionCombination = "ConnectionServiceConnStringInvalidAlwaysEncryptedOptionCombination";
public const string ConnectionServiceConnStringInvalidAttestationProtocolNoneWithUrl = "ConnectionServiceConnStringInvalidAttestationProtocolNoneWithUrl";
public const string ConnectionServiceConnStringInvalidIntent = "ConnectionServiceConnStringInvalidIntent";

17
src/Microsoft.SqlTools.ServiceLayer/Localization/sr.resx
View File

@@ -144,6 +144,11 @@
<value>Invalid value &apos;{0}&apos; for ComlumEncryption. Valid values are &apos;Enabled&apos; and &apos;Disabled&apos;.</value>
<comment>.
Parameters: 0 - columnEncryptionSetting (string) </comment>
</data>
<data name="ConnectionServiceConnStringInvalidSecureEnclaves" xml:space="preserve">
<value>Invalid value &apos;{0}&apos; for SecureEnclaves. Valid values are &apos;Enabled&apos; and &apos;Disabled&apos;.</value>
<comment>.
Parameters: 0 - secureEnclaves (string) </comment>
</data>
<data name="ConnectionServiceConnStringInvalidEncryptOption" xml:space="preserve">
<value>Invalid value &apos;{0}&apos; for Encrypt. Valid values are &apos;Optional&apos;, &apos;Mandatory&apos;, &apos;Strict&apos;, &apos;True&apos;, &apos;False&apos;, &apos;Yes&apos; and &apos;No&apos;.</value>
@@ -151,12 +156,20 @@
Parameters: 0 - encrypt (string) </comment>
</data>
<data name="ConnectionServiceConnStringInvalidEnclaveAttestationProtocol" xml:space="preserve">
<value>Invalid value &apos;{0}&apos; for EnclaveAttestationProtocol. Valid values are &apos;AAS&apos; and &apos;HGS&apos;.</value>
<value>Invalid value &apos;{0}&apos; for EnclaveAttestationProtocol. Valid values are &apos;AAS&apos;, &apos;HGS&apos; and &apos;None&apos;.</value>
<comment>.
Parameters: 0 - enclaveAttestationProtocol (string) </comment>
</data>
<data name="ConnectionServiceConnStringMissingAttestationUrlWithAttestationProtocol" xml:space="preserve">
<value>Attestation URL cannot be empty with the selected value of Attestation Protocol.</value>
<comment></comment>
</data>
<data name="ConnectionServiceConnStringInvalidAlwaysEncryptedOptionCombination" xml:space="preserve">
<value>The Attestation Protocol and Enclave Attestation URL requires Always Encrypted to be set to Enabled.</value>
<value>The Attestation Protocol and Enclave Attestation URL requires Always Encrypted with Secure Enclaves to be set to Enabled.</value>
<comment></comment>
</data>
<data name="ConnectionServiceConnStringInvalidAttestationProtocolNoneWithUrl" xml:space="preserve">
<value>The Enclave Attestation URL must not be specified with Attestation Protocol &apos;None&apos;. Either set appropriate Attestation Protocol or remove Attestation URL from connection properties.</value>
<comment></comment>
</data>
<data name="ConnectionServiceConnStringInvalidIntent" xml:space="preserve">

10
src/Microsoft.SqlTools.ServiceLayer/Localization/sr.strings
View File

@@ -35,11 +35,17 @@ ConnectionServiceConnStringInvalidAuthType(string authType) = Invalid value '{0}
ConnectionServiceConnStringInvalidColumnEncryptionSetting(string columnEncryptionSetting) = Invalid value '{0}' for ComlumEncryption. Valid values are 'Enabled' and 'Disabled'.
ConnectionServiceConnStringInvalidSecureEnclaves(string secureEnclaves) = Invalid value '{0}' for SecureEnclaves. Valid values are 'Enabled' and 'Disabled'.
ConnectionServiceConnStringInvalidEncryptOption(string encrypt) = Invalid value '{0}' for Encrypt. Valid values are 'Optional', 'Mandatory', 'Strict', 'True', 'False', 'Yes' and 'No'.
ConnectionServiceConnStringInvalidEnclaveAttestationProtocol(string enclaveAttestationProtocol) = Invalid value '{0}' for EnclaveAttestationProtocol. Valid values are 'AAS' and 'HGS'.
ConnectionServiceConnStringInvalidEnclaveAttestationProtocol(string enclaveAttestationProtocol) = Invalid value '{0}' for EnclaveAttestationProtocol. Valid values are 'AAS', 'HGS' and 'None'.
ConnectionServiceConnStringInvalidAlwaysEncryptedOptionCombination = The Attestation Protocol and Enclave Attestation URL requires Always Encrypted to be set to Enabled.
ConnectionServiceConnStringMissingAttestationUrlWithAttestationProtocol = Attestation URL cannot be empty with the selected value of Attestation Protocol.
ConnectionServiceConnStringInvalidAlwaysEncryptedOptionCombination = The Attestation Protocol and Enclave Attestation URL requires Always Encrypted with Secure Enclaves to be set to Enabled.
ConnectionServiceConnStringInvalidAttestationProtocolNoneWithUrl = The Enclave Attestation URL must not be specified with Attestation Protocol 'None'. Either set appropriate Attestation Protocol or remove Attestation URL from connection properties.
ConnectionServiceConnStringInvalidIntent(string intent) = Invalid value '{0}' for ApplicationIntent. Valid values are 'ReadWrite' and 'ReadOnly'.

24
src/Microsoft.SqlTools.ServiceLayer/Localization/sr.xlf
View File

@@ -2042,14 +2042,14 @@
Parameters: 0 - encrypt (string) </note>
</trans-unit>
<trans-unit id="ConnectionServiceConnStringInvalidEnclaveAttestationProtocol">
<source>Invalid value '{0}' for EnclaveAttestationProtocol. Valid values are 'AAS' and 'HGS'.</source>
<target state="new">Invalid value '{0}' for EnclaveAttestationProtocol. Valid values are 'AAS' and 'HGS'.</target>
<source>Invalid value '{0}' for EnclaveAttestationProtocol. Valid values are 'AAS', 'HGS' and 'None'.</source>
<target state="new">Invalid value '{0}' for EnclaveAttestationProtocol. Valid values are 'AAS', 'HGS' and 'None'.</target>
<note>.
Parameters: 0 - enclaveAttestationProtocol (string) </note>
</trans-unit>
<trans-unit id="ConnectionServiceConnStringInvalidAlwaysEncryptedOptionCombination">
<source>The Attestation Protocol and Enclave Attestation URL requires Always Encrypted to be set to Enabled.</source>
<target state="new">The Attestation Protocol and Enclave Attestation URL requires Always Encrypted to be set to Enabled.</target>
<source>The Attestation Protocol and Enclave Attestation URL requires Always Encrypted with Secure Enclaves to be set to Enabled.</source>
<target state="new">The Attestation Protocol and Enclave Attestation URL requires Always Encrypted with Secure Enclaves to be set to Enabled.</target>
<note></note>
</trans-unit>
<trans-unit id="SqlCmdExitOnError">
@@ -6550,6 +6550,22 @@ The Query Processor estimates that implementing the following index could improv
<target state="new">Built-in Schemas</target>
<note></note>
</trans-unit>
<trans-unit id="ConnectionServiceConnStringMissingAttestationUrlWithAttestationProtocol">
<source>Attestation URL cannot be empty with the selected value of Attestation Protocol.</source>
<target state="new">Attestation URL cannot be empty with the selected value of Attestation Protocol.</target>
<note></note>
</trans-unit>
<trans-unit id="ConnectionServiceConnStringInvalidSecureEnclaves">
<source>Invalid value '{0}' for SecureEnclaves. Valid values are 'Enabled' and 'Disabled'.</source>
<target state="new">Invalid value '{0}' for SecureEnclaves. Valid values are 'Enabled' and 'Disabled'.</target>
<note>.
Parameters: 0 - secureEnclaves (string) </note>
</trans-unit>
<trans-unit id="ConnectionServiceConnStringInvalidAttestationProtocolNoneWithUrl">
<source>The Enclave Attestation URL must not be specified with Attestation Protocol 'None'. Either set appropriate Attestation Protocol or remove Attestation URL from connection properties.</source>
<target state="new">The Enclave Attestation URL must not be specified with Attestation Protocol 'None'. Either set appropriate Attestation Protocol or remove Attestation URL from connection properties.</target>
<note></note>
</trans-unit>
</body>
</file>
</xliff>