Improve secure enclaves error handling (#1880)

src/Microsoft.SqlTools.ServiceLayer/Connection/ConnectionService.cs

@@ -1349,9 +1349,24 @@ namespace Microsoft.SqlTools.ServiceLayer.Connection
                         throw new ArgumentException(SR.ConnectionServiceConnStringInvalidColumnEncryptionSetting(connectionDetails.ColumnEncryptionSetting));
                 }
             }
+            if (!string.IsNullOrEmpty(connectionDetails.SecureEnclaves))
+            {
+                // Secure Enclaves is not mapped to SqlConnection, it's only used for throwing validation errors
+                // when Enclave Attestation Protocol is missing.
+                switch (connectionDetails.SecureEnclaves.ToUpper())
+                {
+                    case "ENABLED":
+                        break;
+                    case "DISABLED":
+                        break;
+                    default:
+                        throw new ArgumentException(SR.ConnectionServiceConnStringInvalidSecureEnclaves(connectionDetails.SecureEnclaves));
+                }
+            }
             if (!string.IsNullOrEmpty(connectionDetails.EnclaveAttestationProtocol))
             {
-                if (string.IsNullOrEmpty(connectionDetails.ColumnEncryptionSetting) || connectionDetails.ColumnEncryptionSetting.ToUpper() == "DISABLED")
+                if (string.IsNullOrEmpty(connectionDetails.ColumnEncryptionSetting) || connectionDetails.ColumnEncryptionSetting.ToUpper() == "DISABLED"
+                    || string.IsNullOrEmpty(connectionDetails.SecureEnclaves) || connectionDetails.SecureEnclaves.ToUpper() == "DISABLED")
                 {
                     throw new ArgumentException(SR.ConnectionServiceConnStringInvalidAlwaysEncryptedOptionCombination);
                 }
@@ -1364,7 +1379,7 @@ namespace Microsoft.SqlTools.ServiceLayer.Connection
                     case "HGS":
                         connectionBuilder.AttestationProtocol = SqlConnectionAttestationProtocol.HGS;
                         break;
-                    case "None":
+                    case "NONE":
                         connectionBuilder.AttestationProtocol = SqlConnectionAttestationProtocol.None;
                         break;
                     default:
@@ -1373,13 +1388,24 @@ namespace Microsoft.SqlTools.ServiceLayer.Connection
             }
             if (!string.IsNullOrEmpty(connectionDetails.EnclaveAttestationUrl))
             {
-                if (string.IsNullOrEmpty(connectionDetails.ColumnEncryptionSetting) || connectionDetails.ColumnEncryptionSetting.ToUpper() == "DISABLED")
+                if (string.IsNullOrEmpty(connectionDetails.ColumnEncryptionSetting) || connectionDetails.ColumnEncryptionSetting.ToUpper() == "DISABLED"
+                    || string.IsNullOrEmpty(connectionDetails.SecureEnclaves) || connectionDetails.SecureEnclaves.ToUpper() == "DISABLED")
                 {
                     throw new ArgumentException(SR.ConnectionServiceConnStringInvalidAlwaysEncryptedOptionCombination);
                 }
 
+                if(connectionBuilder.AttestationProtocol == SqlConnectionAttestationProtocol.None)
+                {
+                    throw new ArgumentException(SR.ConnectionServiceConnStringInvalidAttestationProtocolNoneWithUrl);
+                }
+
                 connectionBuilder.EnclaveAttestationUrl = connectionDetails.EnclaveAttestationUrl;
             }
+            else if (connectionBuilder.AttestationProtocol == SqlConnectionAttestationProtocol.AAS
+                || connectionBuilder.AttestationProtocol == SqlConnectionAttestationProtocol.HGS)
+            {
+                throw new ArgumentException(SR.ConnectionServiceConnStringMissingAttestationUrlWithAttestationProtocol);
+            }
 
             if (!string.IsNullOrEmpty(connectionDetails.Encrypt))
             {

src/Microsoft.SqlTools.ServiceLayer/Connection/Contracts/ConnectionDetails.cs

@@ -116,6 +116,22 @@ namespace Microsoft.SqlTools.ServiceLayer.Connection.Contracts
             }
         }
 
+        /// <summary>
+        /// Gets or sets a value that specifies that Always Encrypted with Secure Enclaves is enabled in a connection.
+        /// </summary>
+        public string SecureEnclaves
+        {
+            get
+            {
+                return GetOptionValue<string>("secureEnclaves");
+            }
+
+            set
+            {
+                SetOptionValue("secureEnclaves", value);
+            }
+        }
+
         /// <summary>
         /// Gets or sets a value for Attestation Protocol.
         /// </summary>
@@ -622,6 +638,7 @@ namespace Microsoft.SqlTools.ServiceLayer.Connection.Contracts
             && string.Equals(AuthenticationType, other.AuthenticationType, System.StringComparison.InvariantCultureIgnoreCase)
             && string.Equals(AzureAccountToken, other.AzureAccountToken, System.StringComparison.InvariantCultureIgnoreCase)
             && string.Equals(ColumnEncryptionSetting, other.ColumnEncryptionSetting, System.StringComparison.InvariantCultureIgnoreCase)
+            && string.Equals(SecureEnclaves, other.SecureEnclaves, System.StringComparison.InvariantCultureIgnoreCase)
             && string.Equals(ConnectionString, other.ConnectionString, System.StringComparison.InvariantCultureIgnoreCase)
             && ConnectRetryCount == other.ConnectRetryCount
             && ConnectRetryInterval == other.ConnectRetryInterval

src/Microsoft.SqlTools.ServiceLayer/Connection/Contracts/ConnectionDetailsExtensions.cs

@@ -25,6 +25,7 @@ namespace Microsoft.SqlTools.ServiceLayer.Connection.Contracts
                 Password = details.Password,
                 AuthenticationType = details.AuthenticationType,
                 ColumnEncryptionSetting = details.ColumnEncryptionSetting,
+                SecureEnclaves = details.SecureEnclaves,
                 EnclaveAttestationProtocol = details.EnclaveAttestationProtocol,
                 EnclaveAttestationUrl = details.EnclaveAttestationUrl,
                 Encrypt = details.Encrypt,

src/Microsoft.SqlTools.ServiceLayer/Localization/sr.cs

@@ -45,6 +45,14 @@ namespace Microsoft.SqlTools.ServiceLayer
             }
         }
 
+        public static string ConnectionServiceConnStringMissingAttestationUrlWithAttestationProtocol
+        {
+            get
+            {
+                return Keys.GetString(Keys.ConnectionServiceConnStringMissingAttestationUrlWithAttestationProtocol);
+            }
+        }
+
         public static string ConnectionServiceConnStringInvalidAlwaysEncryptedOptionCombination
         {
             get
@@ -53,6 +61,14 @@ namespace Microsoft.SqlTools.ServiceLayer
             }
         }
 
+        public static string ConnectionServiceConnStringInvalidAttestationProtocolNoneWithUrl
+        {
+            get
+            {
+                return Keys.GetString(Keys.ConnectionServiceConnStringInvalidAttestationProtocolNoneWithUrl);
+            }
+        }
+
         public static string ConnectionServiceConnectionCanceled
         {
             get
@@ -9713,6 +9729,11 @@ namespace Microsoft.SqlTools.ServiceLayer
             return Keys.GetString(Keys.ConnectionServiceConnStringInvalidColumnEncryptionSetting, columnEncryptionSetting);
         }
 
+        public static string ConnectionServiceConnStringInvalidSecureEnclaves(string secureEnclaves)
+        {
+            return Keys.GetString(Keys.ConnectionServiceConnStringInvalidSecureEnclaves, secureEnclaves);
+        }
+
         public static string ConnectionServiceConnStringInvalidEncryptOption(string encrypt)
         {
             return Keys.GetString(Keys.ConnectionServiceConnStringInvalidEncryptOption, encrypt);
@@ -10139,15 +10160,24 @@ namespace Microsoft.SqlTools.ServiceLayer
             public const string ConnectionServiceConnStringInvalidColumnEncryptionSetting = "ConnectionServiceConnStringInvalidColumnEncryptionSetting";
 
 
+            public const string ConnectionServiceConnStringInvalidSecureEnclaves = "ConnectionServiceConnStringInvalidSecureEnclaves";
+
+
             public const string ConnectionServiceConnStringInvalidEncryptOption = "ConnectionServiceConnStringInvalidEncryptOption";
 
 
             public const string ConnectionServiceConnStringInvalidEnclaveAttestationProtocol = "ConnectionServiceConnStringInvalidEnclaveAttestationProtocol";
 
 
+            public const string ConnectionServiceConnStringMissingAttestationUrlWithAttestationProtocol = "ConnectionServiceConnStringMissingAttestationUrlWithAttestationProtocol";
+
+
             public const string ConnectionServiceConnStringInvalidAlwaysEncryptedOptionCombination = "ConnectionServiceConnStringInvalidAlwaysEncryptedOptionCombination";
 
 
+            public const string ConnectionServiceConnStringInvalidAttestationProtocolNoneWithUrl = "ConnectionServiceConnStringInvalidAttestationProtocolNoneWithUrl";
+
+
             public const string ConnectionServiceConnStringInvalidIntent = "ConnectionServiceConnStringInvalidIntent";
 
 

src/Microsoft.SqlTools.ServiceLayer/Localization/sr.resx

@@ -144,6 +144,11 @@
     <value>Invalid value &apos;{0}&apos; for ComlumEncryption. Valid values are &apos;Enabled&apos; and &apos;Disabled&apos;.</value>
     <comment>.
  Parameters: 0 - columnEncryptionSetting (string) </comment>
+  </data>
+  <data name="ConnectionServiceConnStringInvalidSecureEnclaves" xml:space="preserve">
+    <value>Invalid value &apos;{0}&apos; for SecureEnclaves. Valid values are &apos;Enabled&apos; and &apos;Disabled&apos;.</value>
+    <comment>.
+ Parameters: 0 - secureEnclaves (string) </comment>
   </data>
   <data name="ConnectionServiceConnStringInvalidEncryptOption" xml:space="preserve">
     <value>Invalid value &apos;{0}&apos; for Encrypt. Valid values are &apos;Optional&apos;, &apos;Mandatory&apos;, &apos;Strict&apos;, &apos;True&apos;, &apos;False&apos;, &apos;Yes&apos; and &apos;No&apos;.</value>
@@ -151,12 +156,20 @@
  Parameters: 0 - encrypt (string) </comment>
   </data>
   <data name="ConnectionServiceConnStringInvalidEnclaveAttestationProtocol" xml:space="preserve">
-    <value>Invalid value &apos;{0}&apos; for EnclaveAttestationProtocol. Valid values are &apos;AAS&apos; and &apos;HGS&apos;.</value>
+    <value>Invalid value &apos;{0}&apos; for EnclaveAttestationProtocol. Valid values are &apos;AAS&apos;, &apos;HGS&apos; and &apos;None&apos;.</value>
     <comment>.
  Parameters: 0 - enclaveAttestationProtocol (string) </comment>
   </data>
+  <data name="ConnectionServiceConnStringMissingAttestationUrlWithAttestationProtocol" xml:space="preserve">
+    <value>Attestation URL cannot be empty with the selected value of Attestation Protocol.</value>
+    <comment></comment>
+  </data>
   <data name="ConnectionServiceConnStringInvalidAlwaysEncryptedOptionCombination" xml:space="preserve">
-    <value>The Attestation Protocol and Enclave Attestation URL requires Always Encrypted to be set to Enabled.</value>
+    <value>The Attestation Protocol and Enclave Attestation URL requires Always Encrypted with Secure Enclaves to be set to Enabled.</value>
+    <comment></comment>
+  </data>
+  <data name="ConnectionServiceConnStringInvalidAttestationProtocolNoneWithUrl" xml:space="preserve">
+    <value>The Enclave Attestation URL must not be specified with Attestation Protocol &apos;None&apos;. Either set appropriate Attestation Protocol or remove Attestation URL from connection properties.</value>
     <comment></comment>
   </data>
   <data name="ConnectionServiceConnStringInvalidIntent" xml:space="preserve">

src/Microsoft.SqlTools.ServiceLayer/Localization/sr.strings

@@ -35,11 +35,17 @@ ConnectionServiceConnStringInvalidAuthType(string authType) = Invalid value '{0}
 
 ConnectionServiceConnStringInvalidColumnEncryptionSetting(string columnEncryptionSetting) = Invalid value '{0}' for ComlumEncryption. Valid values are 'Enabled' and 'Disabled'.
 
+ConnectionServiceConnStringInvalidSecureEnclaves(string secureEnclaves) = Invalid value '{0}' for SecureEnclaves. Valid values are 'Enabled' and 'Disabled'.
+
 ConnectionServiceConnStringInvalidEncryptOption(string encrypt) = Invalid value '{0}' for Encrypt. Valid values are 'Optional', 'Mandatory', 'Strict', 'True', 'False', 'Yes' and 'No'.
 
-ConnectionServiceConnStringInvalidEnclaveAttestationProtocol(string enclaveAttestationProtocol) = Invalid value '{0}' for EnclaveAttestationProtocol. Valid values are 'AAS' and 'HGS'.
+ConnectionServiceConnStringInvalidEnclaveAttestationProtocol(string enclaveAttestationProtocol) = Invalid value '{0}' for EnclaveAttestationProtocol. Valid values are 'AAS', 'HGS' and 'None'.
 
-ConnectionServiceConnStringInvalidAlwaysEncryptedOptionCombination = The Attestation Protocol and Enclave Attestation URL requires Always Encrypted to be set to Enabled.
+ConnectionServiceConnStringMissingAttestationUrlWithAttestationProtocol = Attestation URL cannot be empty with the selected value of Attestation Protocol.
+
+ConnectionServiceConnStringInvalidAlwaysEncryptedOptionCombination = The Attestation Protocol and Enclave Attestation URL requires Always Encrypted with Secure Enclaves to be set to Enabled.
+
+ConnectionServiceConnStringInvalidAttestationProtocolNoneWithUrl = The Enclave Attestation URL must not be specified with Attestation Protocol 'None'. Either set appropriate Attestation Protocol or remove Attestation URL from connection properties.
 
 ConnectionServiceConnStringInvalidIntent(string intent) = Invalid value '{0}' for ApplicationIntent. Valid values are 'ReadWrite' and 'ReadOnly'.
 

src/Microsoft.SqlTools.ServiceLayer/Localization/sr.xlf

@@ -2042,14 +2042,14 @@
  Parameters: 0 - encrypt (string) </note>
       </trans-unit>
       <trans-unit id="ConnectionServiceConnStringInvalidEnclaveAttestationProtocol">
-        <source>Invalid value '{0}' for EnclaveAttestationProtocol. Valid values are 'AAS' and 'HGS'.</source>
+        <source>Invalid value '{0}' for EnclaveAttestationProtocol. Valid values are 'AAS', 'HGS' and 'None'.</source>
-        <target state="new">Invalid value '{0}' for EnclaveAttestationProtocol. Valid values are 'AAS' and 'HGS'.</target>
+        <target state="new">Invalid value '{0}' for EnclaveAttestationProtocol. Valid values are 'AAS', 'HGS' and 'None'.</target>
         <note>.
  Parameters: 0 - enclaveAttestationProtocol (string) </note>
       </trans-unit>
       <trans-unit id="ConnectionServiceConnStringInvalidAlwaysEncryptedOptionCombination">
-        <source>The Attestation Protocol and Enclave Attestation URL requires Always Encrypted to be set to Enabled.</source>
+        <source>The Attestation Protocol and Enclave Attestation URL requires Always Encrypted with Secure Enclaves to be set to Enabled.</source>
-        <target state="new">The Attestation Protocol and Enclave Attestation URL requires Always Encrypted to be set to Enabled.</target>
+        <target state="new">The Attestation Protocol and Enclave Attestation URL requires Always Encrypted with Secure Enclaves to be set to Enabled.</target>
         <note></note>
       </trans-unit>
       <trans-unit id="SqlCmdExitOnError">
@@ -6550,6 +6550,22 @@ The Query Processor estimates that implementing the following index could improv
         <target state="new">Built-in Schemas</target>
         <note></note>
       </trans-unit>
+      <trans-unit id="ConnectionServiceConnStringMissingAttestationUrlWithAttestationProtocol">
+        <source>Attestation URL cannot be empty with the selected value of Attestation Protocol.</source>
+        <target state="new">Attestation URL cannot be empty with the selected value of Attestation Protocol.</target>
+        <note></note>
+      </trans-unit>
+      <trans-unit id="ConnectionServiceConnStringInvalidSecureEnclaves">
+        <source>Invalid value '{0}' for SecureEnclaves. Valid values are 'Enabled' and 'Disabled'.</source>
+        <target state="new">Invalid value '{0}' for SecureEnclaves. Valid values are 'Enabled' and 'Disabled'.</target>
+        <note>.
+ Parameters: 0 - secureEnclaves (string) </note>
+      </trans-unit>
+      <trans-unit id="ConnectionServiceConnStringInvalidAttestationProtocolNoneWithUrl">
+        <source>The Enclave Attestation URL must not be specified with Attestation Protocol 'None'. Either set appropriate Attestation Protocol or remove Attestation URL from connection properties.</source>
+        <target state="new">The Enclave Attestation URL must not be specified with Attestation Protocol 'None'. Either set appropriate Attestation Protocol or remove Attestation URL from connection properties.</target>
+        <note></note>
+      </trans-unit>
     </body>
   </file>
 </xliff>

test/Microsoft.SqlTools.ServiceLayer.UnitTests/Connection/ConnectionDetailsTests.cs

@@ -49,6 +49,7 @@ namespace Microsoft.SqlTools.ServiceLayer.UnitTests.Connection
             Assert.AreEqual(details.MinPoolSize, expectedForInt);
             Assert.AreEqual(details.PacketSize, expectedForInt);
             Assert.AreEqual(details.ColumnEncryptionSetting, expectedForStrings);
+            Assert.AreEqual(details.SecureEnclaves, expectedForStrings);
             Assert.AreEqual(details.EnclaveAttestationUrl, expectedForStrings);
             Assert.AreEqual(details.EnclaveAttestationProtocol, expectedForStrings);
             Assert.AreEqual(details.Encrypt, expectedForStrings);
@@ -91,6 +92,7 @@ namespace Microsoft.SqlTools.ServiceLayer.UnitTests.Connection
             details.MinPoolSize = expectedForInt + index++;
             details.PacketSize = expectedForInt + index++;
             details.ColumnEncryptionSetting = expectedForStrings + index++;
+            details.SecureEnclaves = expectedForStrings + index++;
             details.EnclaveAttestationProtocol = expectedForStrings + index++;
             details.EnclaveAttestationUrl = expectedForStrings + index++;
             details.Encrypt = expectedForStrings + index++;
@@ -125,6 +127,7 @@ namespace Microsoft.SqlTools.ServiceLayer.UnitTests.Connection
             Assert.AreEqual(details.MinPoolSize, expectedForInt + index++);
             Assert.AreEqual(details.PacketSize, expectedForInt + index++);
             Assert.AreEqual(details.ColumnEncryptionSetting, expectedForStrings + index++);
+            Assert.AreEqual(details.SecureEnclaves, expectedForStrings + index++);
             Assert.AreEqual(details.EnclaveAttestationProtocol, expectedForStrings + index++);
             Assert.AreEqual(details.EnclaveAttestationUrl, expectedForStrings + index++);
             Assert.AreEqual(details.Encrypt, expectedForStrings + index++);

test/Microsoft.SqlTools.ServiceLayer.UnitTests/Connection/ConnectionServiceTests.cs

@@ -584,13 +584,14 @@ namespace Microsoft.SqlTools.ServiceLayer.UnitTests.Connection
 
         private static readonly object[] optionalEnclaveParameters =
         {
-            new object[] {"EnclaveAttestationProtocol", "AAS", "Attestation Protocol=AAS"},
+            new object[] {"AAS", "https://attestation.us.attest.azure.net/attest/SgxEnclave", "Enclave Attestation Url=https://attestation.us.attest.azure.net/attest/SgxEnclave;Attestation Protocol=AAS"},
-            new object[] {"EnclaveAttestationProtocol", "HGS", "Attestation Protocol=HGS"},
+            new object[] {"HGS", "https://attestation.us.attest.azure.net/attest/SgxEnclave", "Enclave Attestation Url=https://attestation.us.attest.azure.net/attest/SgxEnclave;Attestation Protocol=HGS"},
-            new object[] {"EnclaveAttestationProtocol", "aas", "Attestation Protocol=AAS"},
+            new object[] {"aas", "https://attestation.us.attest.azure.net/attest/SgxEnclave", "Enclave Attestation Url=https://attestation.us.attest.azure.net/attest/SgxEnclave;Attestation Protocol=AAS"},
-            new object[] {"EnclaveAttestationProtocol", "hgs", "Attestation Protocol=HGS"},
+            new object[] {"hgs", "https://attestation.us.attest.azure.net/attest/SgxEnclave", "Enclave Attestation Url=https://attestation.us.attest.azure.net/attest/SgxEnclave;Attestation Protocol=HGS"},
-            new object[] {"EnclaveAttestationProtocol", "AaS", "Attestation Protocol=AAS"},
+            new object[] {"AaS", "https://attestation.us.attest.azure.net/attest/SgxEnclave", "Enclave Attestation Url=https://attestation.us.attest.azure.net/attest/SgxEnclave;Attestation Protocol=AAS"},
-            new object[] {"EnclaveAttestationProtocol", "hGs", "Attestation Protocol=HGS"},
+            new object[] {"hGs", "https://attestation.us.attest.azure.net/attest/SgxEnclave", "Enclave Attestation Url=https://attestation.us.attest.azure.net/attest/SgxEnclave;Attestation Protocol=HGS"},
-            new object[] {"EnclaveAttestationUrl", "https://attestation.us.attest.azure.net/attest/SgxEnclave", "Enclave Attestation Url=https://attestation.us.attest.azure.net/attest/SgxEnclave" },
+            new object[] {"NONE", null, "Attestation Protocol=None"},
+            new object[] {"None", null, "Attestation Protocol=None" },
         };
 
         /// <summary>
@@ -598,18 +599,28 @@ namespace Microsoft.SqlTools.ServiceLayer.UnitTests.Connection
         /// can be built into a connection string for connecting.
         /// </summary>
         [Test, TestCaseSource(nameof(optionalEnclaveParameters))]
-        public void ConnectingWithOptionalEnclaveParametersBuildsConnectionString(string propertyName, object propertyValue, string connectionStringMarker)
+        public void ConnectingWithOptionalEnclaveParametersBuildsConnectionString(string attestationProtocol, string attestationUrl, string connectionStringMarker)
         {
-            // Create a test connection details object and set the property to a specific value
+            // Create a test connection details object
             ConnectionDetails details = TestObjects.GetTestConnectionDetails();
-            details.ColumnEncryptionSetting = "Enabled";
-            details.GetType()
-                .GetProperty(propertyName)
-                .SetValue(details, propertyValue);
 
-            // Test that a connection string can be created without exceptions
+            //Enable Secure Enclaves
+            details.ColumnEncryptionSetting = "Enabled";
+            details.SecureEnclaves = "Enabled";
+
+            // Set Attestation Protocol
+            details.GetType()
+                .GetProperty("EnclaveAttestationProtocol")
+                .SetValue(details, attestationProtocol);
+
+            // Set Attestation URL
+            details.GetType()
+                .GetProperty("EnclaveAttestationUrl")
+                .SetValue(details, attestationUrl);
+
+            // Test that a connection string can be created without exceptions with provided combinations.
             string connectionString = ConnectionService.BuildConnectionString(details);
-            Assert.That(connectionString, Contains.Substring(connectionStringMarker), "Verify that the parameter is in the connection string");
+            Assert.That(connectionString, Contains.Substring(connectionStringMarker), "Verify that the parameters are in the connection string");
         }
 
         private static readonly object[] invalidOptions =
@@ -617,6 +628,9 @@ namespace Microsoft.SqlTools.ServiceLayer.UnitTests.Connection
             new object[] {"AuthenticationType", "NotAValidAuthType" },
             new object[] {"ColumnEncryptionSetting", "NotAValidColumnEncryptionSetting" },
             new object[] {"EnclaveAttestationProtocol", "NotAValidEnclaveAttestationProtocol" },
+            new object[] {"EnclaveAttestationProtocol", "AAS" }, // Without Attestation Url
+            new object[] {"EnclaveAttestationProtocol", "hgs" }, // Without Attestation Url
+            new object[] { "EnclaveAttestationUrl", "https://attestation.us.attest.azure.net/attest/SgxEnclave" }, // Without Attestation Protocol
         };
 
         /// <summary>
@@ -639,12 +653,26 @@ namespace Microsoft.SqlTools.ServiceLayer.UnitTests.Connection
                     Tuple.Create<string, object>("EnclaveAttestationProtocol", "AAS"),
                     Tuple.Create<string, object>("EnclaveAttestationUrl", "https://attestation.us.attest.azure.net/attest/SgxEnclave")
                 },
+            new []
+                {
+                    Tuple.Create<string, object>("ColumnEncryptionSetting", "Enabled"),
+                    Tuple.Create<string, object>("SecureEnclaves", null),
+                    Tuple.Create<string, object>("EnclaveAttestationProtocol", "AAS"),
+                    Tuple.Create<string, object>("EnclaveAttestationUrl", "https://attestation.us.attest.azure.net/attest/SgxEnclave")
+                },
             new []
                 {
                     Tuple.Create<string, object>("ColumnEncryptionSetting", "Disabled"),
                     Tuple.Create<string, object>("EnclaveAttestationProtocol", "AAS"),
                     Tuple.Create<string, object>("EnclaveAttestationUrl", "https://attestation.us.attest.azure.net/attest/SgxEnclave")
                 },
+            new []
+                {
+                    Tuple.Create<string, object>("ColumnEncryptionSetting", "Enabled"),
+                    Tuple.Create<string, object>("SecureEnclaves", "Disabled"),
+                    Tuple.Create<string, object>("EnclaveAttestationProtocol", "AAS"),
+                    Tuple.Create<string, object>("EnclaveAttestationUrl", "https://attestation.us.attest.azure.net/attest/SgxEnclave")
+                },
             new []
                 {
                     Tuple.Create<string, object>("ColumnEncryptionSetting", ""),

test/Microsoft.SqlTools.ServiceLayer.UnitTests/Utility/SrTests.cs

@@ -35,6 +35,12 @@ namespace Microsoft.SqlTools.ServiceLayer.UnitTests.Utility
             Assert.NotNull(ServiceLayerSr.ConnectionParamsValidateNullSqlAuth(""));
             Assert.NotNull(ServiceLayerSr.ConnectionServiceConnectErrorNullParams);
             Assert.NotNull(ServiceLayerSr.ConnectionServiceConnectionCanceled);
+            Assert.NotNull(ServiceLayerSr.ConnectionServiceConnStringMissingAttestationUrlWithAttestationProtocol);
+            Assert.NotNull(ServiceLayerSr.ConnectionServiceConnStringInvalidAttestationProtocolNoneWithUrl);
+            Assert.NotNull(ServiceLayerSr.ConnectionServiceConnStringInvalidEnclaveAttestationProtocol(""));
+            Assert.NotNull(ServiceLayerSr.ConnectionServiceConnStringInvalidColumnEncryptionSetting(""));
+            Assert.NotNull(ServiceLayerSr.ConnectionServiceConnStringInvalidSecureEnclaves(""));
+            Assert.NotNull(ServiceLayerSr.ConnectionServiceConnStringInvalidEncryptOption(""));
             Assert.NotNull(ServiceLayerSr.ConnectionServiceConnStringInvalidAuthType(""));
             Assert.NotNull(ServiceLayerSr.ConnectionServiceConnStringInvalidIntent(""));
             Assert.NotNull(ServiceLayerSr.ConnectionServiceDbErrorDefaultNotConnected(""));