Cosmosdb/client encryption fix #33355

Open
wants to merge 2 commits into
base: main

amanrao23
Member

Packages impacted by this PR

@azure/cosmos

Issues associated with this PR

Describe the problem that is addressed by this PR

This PR fixes issues related to client-side encryption.

What are the possible designs available to address the problem? If there are more than one possible design, why was the one in this PR chosen?

Are there test cases added in this PR? (If not, why?)

Provide a list of related PRs (if any)

Command used to generate this PR: (Applicable only to SDK release request PRs)

Checklists

  • Added impacted package name to the issue description
  • Does this PR need any fixes in the SDK Generator? (If so, create an Issue in the Autorest/typescript repository and link it here)
  • Added a changelog (if necessary)

@Copilot Copilot bot review requested due to automatic review settings March 12, 2025 12:17
Contributor

@Copilot Copilot AI left a comment

Pull Request Overview

This PR fixes client‐side encryption issues in the Cosmos DB SDK by converting key data types from Buffer to Uint8Array, renaming parameters for clarity, and updating type definitions and sample code.

  • Methods in key wrapping/unwrapping now use Uint8Array for consistency.
  • Parameter names have been updated (e.g. from “id” to “clientEncryptionKeyId”) and client encryption metadata and included paths are now defined as object literals.
  • The API and sample documentation have been updated accordingly.

Reviewed Changes

Copilot reviewed 17 out of 17 changed files in this pull request and generated 1 comment.

| File | Description |
| --- | --- |
| sdk/cosmosdb/cosmos/src/encryption/EncryptionKeyStoreProvider.ts | Converts keys to/from Uint8Array and Buffer for proper wrapping/unwrapping. |
| sdk/cosmosdb/cosmos/src/encryption/EncryptionProcessor.ts | Updates wrapped key conversion to Uint8Array. |
| sdk/cosmosdb/cosmos/review/cosmos.api.md | Updates method signatures to use Uint8Array instead of Buffer. |
| sdk/cosmosdb/cosmos/src/client/Database/Database.ts | Renames parameters (id → clientEncryptionKeyId) and updates key conversion logic. |
| sdk/cosmosdb/cosmos/src/encryption/Cache/ProtectedDataEncryptionKeyCache.ts | Adjusts parameter conversion from Buffer to Uint8Array. |
| sdk/cosmosdb/cosmos/src/encryption/EncryptionKeyWrapMetadata.ts | Switches from a class to an interface definition with updated properties. |
| sdk/cosmosdb/cosmos/src/encryption/ClientEncryptionIncludedPath.ts | Changes from a class to an interface and standardizes property names. |
| sdk/cosmosdb/cosmos/src/encryption/EncryptionKeyResolver/AzureKeyVaultEncryptionKeyResolver.ts | Updates key wrapping/unwrapping methods to use Uint8Array. |
| Samples & CHANGELOG | Updates sample code and changelog snippets to use object literal style for metadata and paths. |
| sdk/cosmosdb/cosmos/src/encryption/EncryptionKeyResolver/EncryptionKeyResolver.ts | Adjusts interface definitions to use Uint8Array. |
| sdk/cosmosdb/cosmos/src/encryption/ClientEncryptionKey/ClientEncryptionKeyProperties.ts | Changes the type of wrappedDataEncryptionKey from Buffer to Uint8Array. |
| Tests | Updates test constructors to align with new object literal definitions for encryption settings. |

Comments suppressed due to low confidence (1)

sdk/cosmosdb/cosmos/samples-dev/ClientSideEncryption.ts:147

  • There is a spelling error in the property name; 'algoruthm' should be 'algorithm'.
algoruthm: KeyEncryptionAlgorithm.RSA_OAEP,

type: EncryptionKeyResolverName.AzureKeyVault,
name: "akvKey",
value: "https://<my-key-vault>.vault.azure.net/keys/<key>/<version>",
algoriithm: KeyEncryptionAlgorithm.RSA_OAEP

Copilot AI Mar 12, 2025

There is a spelling error in the property name; 'algoriithm' should be 'algorithm'.

Suggested change
algoriithm: KeyEncryptionAlgorithm.RSA_OAEP
algorithm: KeyEncryptionAlgorithm.RSA_OAEP
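
Review bot: the misspelled key on the `algoriithm: KeyEncryptionAlgorithm.RSA_OAEP` line sits in an object literal, so wherever that literal is not checked against a type declaring `algorithm`, the wrap algorithm is silently left unset rather than rejected. The low-confidence comment above quotes a different spelling, `algoruthm`, for sdk/cosmosdb/cosmos/samples-dev/ClientSideEncryption.ts:147, so search the samples and changelog snippets for both spellings instead of fixing only this one line.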

@azure-sdk
Collaborator

API change check

APIView has identified API level changes in this PR and created the following API reviews.

@azure/cosmos
