Client Encryption: Fix decryption for 'order by' query results #1369
Conversation
anujtoshniwal
requested review from
bchong95,
kirankumarkolli,
j82w and
abhijitpai
anujtoshniwal
requested review from
ealsur,
FabianMeiswinkel,
kirillg and
sboshra
as code owners
Microsoft.Azure.Cosmos/tests/Microsoft.Azure.Cosmos.EmulatorTests/EncryptionTests.cs
Outdated
Show resolved
Hide resolved
Microsoft.Azure.Cosmos/tests/Microsoft.Azure.Cosmos.EmulatorTests/EncryptionTests.cs
Show resolved
Hide resolved
Microsoft.Azure.Cosmos/src/Query/v3Query/CosmosQueryClientCore.cs
Outdated
Show resolved
Hide resolved
Microsoft.Azure.Cosmos/src/Query/v3Query/CosmosQueryClientCore.cs
Outdated
Show resolved
Hide resolved
Microsoft.Azure.Cosmos/tests/Microsoft.Azure.Cosmos.EmulatorTests/EncryptionTests.cs
Show resolved
Hide resolved
| @@ -181,5 +194,34 @@ public override CosmosElement GetCosmsoElementContinuationToken() | |||
| { | |||
| return this.cosmosQueryExecutionContext.GetCosmosElementContinuationToken(); | |||
| } | |||
|
|
|||
| private async Task<List<CosmosElement>> GetDecryptedElementResponseAsync( | |||
There was a problem hiding this comment.
At this point all the encryption and decryption seems to happen outside of the core SDK logic. In fact, it seems a user could implement this feature without any internal access, since it's encrypting the document before write and decrypting after read. If that's the case couldn't we just have an EncryptedContainer class that composes / wraps Container and just wraps all the methods appropriately? That core SDK logic will not need to know about encryption.
There was a problem hiding this comment.
The container is not encrypted, only some fields in some items are - given this, should users use Container when they think the item they are reading doesn't have encrypted properties? The answer is no, since customers may not even know whether the item they are reading has encrypted properties - given this, we should not force customers to use one more set of classes.
There was a problem hiding this comment.
I think @bchong95 is talking about something like this. Where the EncryptedContainer is just an internal implementation class that is never directly exposed to users. All the encryption logic is completely external to the SDK. It's just like if an external users created the package.
public sealed class EncryptionDatabaseCore : Database
{
private Database database;
public override Container GetContainer(string id){ return new EncryptionContainerCore();}
}
public sealed class EncryptionContainerCore : Container
{
private Container container;
public override ItemResponse<T> CreateItemAsync<T>(){}
.....
}
There was a problem hiding this comment.
Thanks Jake, Brandon & Abhijit! I've setup some time with you guys & Kiran to finalize the internal implementation details so as to be on the same page and avoid back & forth.
Since this is internal implementation details we are talking about, maybe I can work on refactoring the code as a follow up if we decide to go down that route? In the meanwhile, can we get this fix in to unblock Office team for now?
There was a problem hiding this comment.
Resolved offline. @anujtoshniwal will follow-up with future PR.
Co-Authored-By: j82w <j82w@users.noreply.github.com>
Description
For 'order by' queries, the response from the server is wrapped in the form of {orderByItems, payload}. In this case, the payload contains the document properties (including encryption property ("_ei")) as opposed to normal queries which had the properties as part of the response itself. As a result, EncryptionProcessor wasn't able to find encryption property and hence didn't decrypt accordingly for orderBy queries. The fix is to move the decryption logic from CosmosQueryClientCore.cs to QueryIterator.cs where the response is already ordered and unwrapped.
Type of change
Please delete options that are not relevant.