From 831d7c63dced0110323e297dfb91c3a597ab195c Mon Sep 17 00:00:00 2001 From: JRahnama Date: Thu, 17 Nov 2022 12:59:38 -0800 Subject: [PATCH 01/10] addressing AKVTest on the test pipeline --- .../ManualTests/AlwaysEncrypted/AKVTests.cs | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/src/Microsoft.Data.SqlClient/tests/ManualTests/AlwaysEncrypted/AKVTests.cs b/src/Microsoft.Data.SqlClient/tests/ManualTests/AlwaysEncrypted/AKVTests.cs index a8d8517194..024ca6a9f8 100644 --- a/src/Microsoft.Data.SqlClient/tests/ManualTests/AlwaysEncrypted/AKVTests.cs +++ b/src/Microsoft.Data.SqlClient/tests/ManualTests/AlwaysEncrypted/AKVTests.cs @@ -26,10 +26,11 @@ public AKVTest(SQLSetupStrategyAzureKeyVault fixture) SqlConnection.ColumnEncryptionQueryMetadataCacheEnabled = false; } - [ConditionalFact(typeof(DataTestUtility), nameof(DataTestUtility.AreConnStringsSetup), nameof(DataTestUtility.IsAKVSetupAvailable))] - public void TestEncryptDecryptWithAKV() + [ConditionalTheory(typeof(DataTestUtility), nameof(DataTestUtility.AreConnStringSetupForAE), nameof(DataTestUtility.IsAKVSetupAvailable))] + [ClassData(typeof(AEConnectionStringProvider))] + public void TestEncryptDecryptWithAKV(string connString) { - using (SqlConnection sqlConnection = new SqlConnection(string.Concat(DataTestUtility.TCPConnectionString, @";Column Encryption Setting = Enabled;"))) + using (SqlConnection sqlConnection = new SqlConnection(string.Concat(connString, @";Column Encryption Setting = Enabled;"))) { sqlConnection.Open(); @@ -54,7 +55,7 @@ public void TestEncryptDecryptWithAKV() } } - [ConditionalFact(typeof(DataTestUtility), nameof(DataTestUtility.AreConnStringsSetup), nameof(DataTestUtility.IsAKVSetupAvailable))] + [ConditionalFact(typeof(DataTestUtility), nameof(DataTestUtility.IsAKVSetupAvailable))] [PlatformSpecific(TestPlatforms.Windows)] public void TestRoundTripWithAKVAndCertStoreProvider() { 
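Review bot: Dropping `AreConnStringsSetup` from the guard on `TestRoundTripWithAKVAndCertStoreProvider` (second hunk) leaves `IsAKVSetupAvailable` as the only skip condition, yet the `AKVTest` class fixture `SQLSetupStrategyAzureKeyVault` is still constructed for every test in the class and exposes `AKVTestTable`, which presumably needs a configured SQL connection to provision. If that is the case, a run without connection strings turns this test from a skip into a fixture-construction failure rather than the intended skip; the same attribute change is repeated in patches 02 and 04 and is never revisited later in the series, while the two connection-based tests do get `AreConnStringSetupForAE` back in patch 05. The method body itself opens no `SqlConnection` (it only drives `_fixture.AkvStoreProvider` and a `SQLSetupStrategyCertStoreProvider`), so if the fixture really tolerates a missing connection string, say so above the attribute: `// Provider-only round trip: no SQL connection is opened here, only AKV availability is required.`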
@@ -72,15 +73,14 @@ public void TestRoundTripWithAKVAndCertStoreProvider() } } - [ConditionalFact(typeof(DataTestUtility), nameof(DataTestUtility.AreConnStringsSetup), nameof(DataTestUtility.IsAKVSetupAvailable))] - public void TestLocalCekCacheIsScopedToProvider() + [ConditionalTheory(typeof(DataTestUtility), nameof(DataTestUtility.IsAKVSetupAvailable))] + [ClassData(typeof(AEConnectionStringProvider))] + public void TestLocalCekCacheIsScopedToProvider(string connString) { - using (SqlConnection sqlConnection = new(string.Concat(DataTestUtility.TCPConnectionString, @";Column Encryption Setting = Enabled;"))) + using (SqlConnection sqlConnection = new(string.Concat(connString, @";Column Encryption Setting = Enabled;"))) { sqlConnection.Open(); - Customer customer = new(45, "Microsoft", "Corporation"); - // Test INPUT parameter on an encrypted parameter using (SqlCommand sqlCommand = new($"SELECT CustomerId, FirstName, LastName FROM [{akvTableName}] WHERE FirstName = @firstName", sqlConnection)) From 5100c65f61fd402838c7a3c026484dca8970c427 Mon Sep 17 00:00:00 2001 From: JRahnama Date: Thu, 17 Nov 2022 12:59:38 -0800 Subject: [PATCH 02/10] addressing AKVTest on the test pipeline --- .../ManualTests/AlwaysEncrypted/AKVTests.cs | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/src/Microsoft.Data.SqlClient/tests/ManualTests/AlwaysEncrypted/AKVTests.cs b/src/Microsoft.Data.SqlClient/tests/ManualTests/AlwaysEncrypted/AKVTests.cs index a8d8517194..5f5d2e4570 100644 --- a/src/Microsoft.Data.SqlClient/tests/ManualTests/AlwaysEncrypted/AKVTests.cs +++ b/src/Microsoft.Data.SqlClient/tests/ManualTests/AlwaysEncrypted/AKVTests.cs 
@@ -26,10 +26,11 @@ public AKVTest(SQLSetupStrategyAzureKeyVault fixture) SqlConnection.ColumnEncryptionQueryMetadataCacheEnabled = false; } - [ConditionalFact(typeof(DataTestUtility), nameof(DataTestUtility.AreConnStringsSetup), nameof(DataTestUtility.IsAKVSetupAvailable))] - public void TestEncryptDecryptWithAKV() + [ConditionalTheory(typeof(DataTestUtility), nameof(DataTestUtility.AreConnStringSetupForAE), nameof(DataTestUtility.IsAKVSetupAvailable))] + [ClassData(typeof(AEConnectionStringProvider))] + public void TestEncryptDecryptWithAKV(string connString) { - using (SqlConnection sqlConnection = new SqlConnection(string.Concat(DataTestUtility.TCPConnectionString, @";Column Encryption Setting = Enabled;"))) + using (SqlConnection sqlConnection = new SqlConnection(string.Concat(connString, @";Column Encryption Setting = Enabled;"))) { sqlConnection.Open(); @@ -54,7 +55,7 @@ public void TestEncryptDecryptWithAKV() } } - [ConditionalFact(typeof(DataTestUtility), nameof(DataTestUtility.AreConnStringsSetup), nameof(DataTestUtility.IsAKVSetupAvailable))] + [ConditionalFact(typeof(DataTestUtility), nameof(DataTestUtility.IsAKVSetupAvailable))] [PlatformSpecific(TestPlatforms.Windows)] public void TestRoundTripWithAKVAndCertStoreProvider() { 
@@ -72,15 +73,14 @@ public void TestRoundTripWithAKVAndCertStoreProvider() } } - [ConditionalFact(typeof(DataTestUtility), nameof(DataTestUtility.AreConnStringsSetup), nameof(DataTestUtility.IsAKVSetupAvailable))] - public void TestLocalCekCacheIsScopedToProvider() + [ConditionalTheory(typeof(DataTestUtility), nameof(DataTestUtility.AreConnStringSetupForAE), nameof(DataTestUtility.IsAKVSetupAvailable))] + [ClassData(typeof(AEConnectionStringProvider))] + public void TestLocalCekCacheIsScopedToProvider(string connString) { - using (SqlConnection sqlConnection = new(string.Concat(DataTestUtility.TCPConnectionString, @";Column Encryption Setting = Enabled;"))) + using (SqlConnection sqlConnection = new(string.Concat(connString, @";Column Encryption Setting = Enabled;"))) { sqlConnection.Open(); - Customer customer = new(45, "Microsoft", "Corporation"); - // Test INPUT parameter on an encrypted parameter using (SqlCommand sqlCommand = new($"SELECT CustomerId, FirstName, LastName FROM [{akvTableName}] WHERE FirstName = @firstName", sqlConnection)) From 1bb87a8426370ac7bb67d29623925a6b9c13550b Mon Sep 17 00:00:00 2001 From: JRahnama Date: Thu, 17 Nov 2022 15:13:39 -0800 Subject: [PATCH 03/10] revert changes and add AKVTest to TestSet 1 --- .../tests/ManualTests/AlwaysEncrypted/AKVTests.cs | 12 +++++------- ...crosoft.Data.SqlClient.ManualTesting.Tests.csproj | 4 ++-- 2 files changed, 7 insertions(+), 9 deletions(-) diff --git a/src/Microsoft.Data.SqlClient/tests/ManualTests/AlwaysEncrypted/AKVTests.cs b/src/Microsoft.Data.SqlClient/tests/ManualTests/AlwaysEncrypted/AKVTests.cs index 5f5d2e4570..2727f6625a 100644 --- a/src/Microsoft.Data.SqlClient/tests/ManualTests/AlwaysEncrypted/AKVTests.cs +++ b/src/Microsoft.Data.SqlClient/tests/ManualTests/AlwaysEncrypted/AKVTests.cs 
@@ -26,11 +26,10 @@ public AKVTest(SQLSetupStrategyAzureKeyVault fixture) SqlConnection.ColumnEncryptionQueryMetadataCacheEnabled = false; } - [ConditionalTheory(typeof(DataTestUtility), nameof(DataTestUtility.AreConnStringSetupForAE), nameof(DataTestUtility.IsAKVSetupAvailable))] - [ClassData(typeof(AEConnectionStringProvider))] + [ConditionalFact(typeof(DataTestUtility), nameof(DataTestUtility.AreConnStringsSetup), nameof(DataTestUtility.IsAKVSetupAvailable))] public void TestEncryptDecryptWithAKV(string connString) { - using (SqlConnection sqlConnection = new SqlConnection(string.Concat(connString, @";Column Encryption Setting = Enabled;"))) + using (SqlConnection sqlConnection = new SqlConnection(string.Concat(DataTestUtility.TCPConnectionString, @";Column Encryption Setting = Enabled;"))) { sqlConnection.Open(); @@ -73,11 +72,10 @@ public void TestRoundTripWithAKVAndCertStoreProvider() } } - [ConditionalTheory(typeof(DataTestUtility), nameof(DataTestUtility.AreConnStringSetupForAE), nameof(DataTestUtility.IsAKVSetupAvailable))] - [ClassData(typeof(AEConnectionStringProvider))] - public void TestLocalCekCacheIsScopedToProvider(string connString) + [ConditionalFact(typeof(DataTestUtility), nameof(DataTestUtility.AreConnStringsSetup), nameof(DataTestUtility.IsAKVSetupAvailable))] + public void TestLocalCekCacheIsScopedToProvider() { - using (SqlConnection sqlConnection = new(string.Concat(connString, @";Column Encryption Setting = Enabled;"))) + using (SqlConnection sqlConnection = new(string.Concat(DataTestUtility.TCPConnectionString, @";Column Encryption Setting = Enabled;"))) { sqlConnection.Open(); diff --git a/src/Microsoft.Data.SqlClient/tests/ManualTests/Microsoft.Data.SqlClient.ManualTesting.Tests.csproj b/src/Microsoft.Data.SqlClient/tests/ManualTests/Microsoft.Data.SqlClient.ManualTesting.Tests.csproj index 1efdfeb5fc..9b1562b2db 100644 --- a/src/Microsoft.Data.SqlClient/tests/ManualTests/Microsoft.Data.SqlClient.ManualTesting.Tests.csproj 
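Review bot: After this hunk `TestEncryptDecryptWithAKV` is back under `ConditionalFact` but still declares a `string connString` parameter that its body no longer reads (the connection is built from `DataTestUtility.TCPConnectionString` again); xUnit does not run a Fact that takes parameters, so this commit leaves the test in a non-runnable state and `connString` is dead code. Patch 04 removes the parameter, so the defect does not survive the series, but it does land in history; patches 01 and 02 are the same change applied twice and 03 reverts most of it, so squashing 01–04 would keep every commit buildable and bisectable. The one-line fix for this commit is the signature `public void TestEncryptDecryptWithAKV()`.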
+++ b/src/Microsoft.Data.SqlClient/tests/ManualTests/Microsoft.Data.SqlClient.ManualTesting.Tests.csproj @@ -36,8 +36,6 @@ - - @@ -76,6 +74,8 @@ + + From 8982adb94faa666e23ae96ad276821ff421be5ac Mon Sep 17 00:00:00 2001 From: JRahnama Date: Thu, 17 Nov 2022 17:07:36 -0800 Subject: [PATCH 04/10] commit --- .../tests/ManualTests/AlwaysEncrypted/AKVTests.cs | 10 +++++----- ...Microsoft.Data.SqlClient.ManualTesting.Tests.csproj | 4 ++-- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/src/Microsoft.Data.SqlClient/tests/ManualTests/AlwaysEncrypted/AKVTests.cs b/src/Microsoft.Data.SqlClient/tests/ManualTests/AlwaysEncrypted/AKVTests.cs index 2727f6625a..018406669b 100644 --- a/src/Microsoft.Data.SqlClient/tests/ManualTests/AlwaysEncrypted/AKVTests.cs +++ b/src/Microsoft.Data.SqlClient/tests/ManualTests/AlwaysEncrypted/AKVTests.cs @@ -26,10 +26,10 @@ public AKVTest(SQLSetupStrategyAzureKeyVault fixture) SqlConnection.ColumnEncryptionQueryMetadataCacheEnabled = false; } - [ConditionalFact(typeof(DataTestUtility), nameof(DataTestUtility.AreConnStringsSetup), nameof(DataTestUtility.IsAKVSetupAvailable))] - public void TestEncryptDecryptWithAKV(string connString) + [ConditionalFact(typeof(DataTestUtility), nameof(DataTestUtility.IsAKVSetupAvailable))] + public void TestEncryptDecryptWithAKV() { - using (SqlConnection sqlConnection = new SqlConnection(string.Concat(DataTestUtility.TCPConnectionString, @";Column Encryption Setting = Enabled;"))) + using (SqlConnection sqlConnection = new SqlConnection(string.Concat(DataTestUtility.TCPConnectionStringHGSVBS, @";Column Encryption Setting = Enabled;"))) { sqlConnection.Open(); 
@@ -72,10 +72,10 @@ public void TestRoundTripWithAKVAndCertStoreProvider() } } - [ConditionalFact(typeof(DataTestUtility), nameof(DataTestUtility.AreConnStringsSetup), nameof(DataTestUtility.IsAKVSetupAvailable))] + [ConditionalFact(typeof(DataTestUtility), nameof(DataTestUtility.IsAKVSetupAvailable))] public void TestLocalCekCacheIsScopedToProvider() { - using (SqlConnection sqlConnection = new(string.Concat(DataTestUtility.TCPConnectionString, @";Column Encryption Setting = Enabled;"))) + using (SqlConnection sqlConnection = new(string.Concat(DataTestUtility.TCPConnectionStringHGSVBS, @";Column Encryption Setting = Enabled;"))) { sqlConnection.Open(); diff --git a/src/Microsoft.Data.SqlClient/tests/ManualTests/Microsoft.Data.SqlClient.ManualTesting.Tests.csproj b/src/Microsoft.Data.SqlClient/tests/ManualTests/Microsoft.Data.SqlClient.ManualTesting.Tests.csproj index 9b1562b2db..1efdfeb5fc 100644 --- a/src/Microsoft.Data.SqlClient/tests/ManualTests/Microsoft.Data.SqlClient.ManualTesting.Tests.csproj +++ b/src/Microsoft.Data.SqlClient/tests/ManualTests/Microsoft.Data.SqlClient.ManualTesting.Tests.csproj @@ -36,6 +36,8 @@ + + @@ -74,8 +76,6 @@ - - From a26a4693c6c36c495dce4f31a568329e67fd9ebb Mon Sep 17 00:00:00 2001 From: JRahnama Date: Fri, 18 Nov 2022 09:30:24 -0800 Subject: [PATCH 05/10] commit --- .../ManualTests/AlwaysEncrypted/AKVTests.cs | 111 +++++++++--------- 1 file changed, 57 insertions(+), 54 deletions(-) diff --git a/src/Microsoft.Data.SqlClient/tests/ManualTests/AlwaysEncrypted/AKVTests.cs b/src/Microsoft.Data.SqlClient/tests/ManualTests/AlwaysEncrypted/AKVTests.cs index 018406669b..525dbd4a90 100644 --- a/src/Microsoft.Data.SqlClient/tests/ManualTests/AlwaysEncrypted/AKVTests.cs +++ b/src/Microsoft.Data.SqlClient/tests/ManualTests/AlwaysEncrypted/AKVTests.cs 
@@ -26,32 +26,34 @@ public AKVTest(SQLSetupStrategyAzureKeyVault fixture) SqlConnection.ColumnEncryptionQueryMetadataCacheEnabled = false; } - [ConditionalFact(typeof(DataTestUtility), nameof(DataTestUtility.IsAKVSetupAvailable))] + [ConditionalFact(typeof(DataTestUtility), nameof(DataTestUtility.AreConnStringSetupForAE), nameof(DataTestUtility.IsAKVSetupAvailable))] public void TestEncryptDecryptWithAKV() { - using (SqlConnection sqlConnection = new SqlConnection(string.Concat(DataTestUtility.TCPConnectionStringHGSVBS, @";Column Encryption Setting = Enabled;"))) + SqlConnectionStringBuilder builder = new(DataTestUtility.TCPConnectionStringHGSVBS); + builder.ColumnEncryptionSetting = SqlConnectionColumnEncryptionSetting.Enabled; + builder.AttestationProtocol = SqlConnectionAttestationProtocol.NotSpecified; + builder.EnclaveAttestationUrl = ""; + using SqlConnection sqlConnection = new SqlConnection(builder.ConnectionString); + + sqlConnection.Open(); + Customer customer = new Customer(45, "Microsoft", "Corporation"); + + // Start a transaction and either commit or rollback based on the test variation. + using (SqlTransaction sqlTransaction = sqlConnection.BeginTransaction()) { - sqlConnection.Open(); - - Customer customer = new Customer(45, "Microsoft", "Corporation"); - - // Start a transaction and either commit or rollback based on the test variation. 
- using (SqlTransaction sqlTransaction = sqlConnection.BeginTransaction()) - { - DatabaseHelper.InsertCustomerData(sqlConnection, sqlTransaction, akvTableName, customer); - sqlTransaction.Commit(); - } - - // Test INPUT parameter on an encrypted parameter - using SqlCommand sqlCommand = new SqlCommand($"SELECT CustomerId, FirstName, LastName FROM [{akvTableName}] WHERE FirstName = @firstName", - sqlConnection); - SqlParameter customerFirstParam = sqlCommand.Parameters.AddWithValue(@"firstName", @"Microsoft"); - customerFirstParam.Direction = System.Data.ParameterDirection.Input; - customerFirstParam.ForceColumnEncryption = true; - - using SqlDataReader sqlDataReader = sqlCommand.ExecuteReader(); - DatabaseHelper.ValidateResultSet(sqlDataReader); + DatabaseHelper.InsertCustomerData(sqlConnection, sqlTransaction, akvTableName, customer); + sqlTransaction.Commit(); } + + // Test INPUT parameter on an encrypted parameter + using SqlCommand sqlCommand = new SqlCommand($"SELECT CustomerId, FirstName, LastName FROM [{akvTableName}] WHERE FirstName = @firstName", + sqlConnection); + SqlParameter customerFirstParam = sqlCommand.Parameters.AddWithValue(@"firstName", @"Microsoft"); + customerFirstParam.Direction = System.Data.ParameterDirection.Input; + customerFirstParam.ForceColumnEncryption = true; + + using SqlDataReader sqlDataReader = sqlCommand.ExecuteReader(); + DatabaseHelper.ValidateResultSet(sqlDataReader); } [ConditionalFact(typeof(DataTestUtility), nameof(DataTestUtility.IsAKVSetupAvailable))] 
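Review bot: The new builder lines `AttestationProtocol = SqlConnectionAttestationProtocol.NotSpecified` and `EnclaveAttestationUrl = ""` deliberately switch off enclave attestation on a connection string named `TCPConnectionStringHGSVBS`, and nothing in the hunk says why; someone maintaining the HGS/VBS pipeline could read this as the intended configuration. Add a comment above the builder such as `// Only AKV-backed CEK encryption/decryption is under test here; enclave attestation is not exercised, so it is explicitly disabled rather than inherited from the HGS/VBS connection string.` The same four lines recur in the second hunk of this patch and in both rewritten methods in patch 06. Separately, the relocated comment `// Start a transaction and either commit or rollback based on the test variation.` describes a variation the method does not have — the transaction is always committed — so `// Insert the test row inside a transaction and commit it.` is what the code actually does.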
@@ -72,48 +74,49 @@ public void TestRoundTripWithAKVAndCertStoreProvider() } } - [ConditionalFact(typeof(DataTestUtility), nameof(DataTestUtility.IsAKVSetupAvailable))] + [ConditionalFact(typeof(DataTestUtility), nameof(DataTestUtility.AreConnStringSetupForAE), nameof(DataTestUtility.IsAKVSetupAvailable))] public void TestLocalCekCacheIsScopedToProvider() { - using (SqlConnection sqlConnection = new(string.Concat(DataTestUtility.TCPConnectionStringHGSVBS, @";Column Encryption Setting = Enabled;"))) - { - sqlConnection.Open(); + SqlConnectionStringBuilder builder = new(DataTestUtility.TCPConnectionStringHGSVBS); + builder.ColumnEncryptionSetting = SqlConnectionColumnEncryptionSetting.Enabled; + builder.AttestationProtocol = SqlConnectionAttestationProtocol.NotSpecified; + builder.EnclaveAttestationUrl = ""; + + using SqlConnection sqlConnection = new SqlConnection(builder.ConnectionString); + + sqlConnection.Open(); - // Test INPUT parameter on an encrypted parameter - using (SqlCommand sqlCommand = new($"SELECT CustomerId, FirstName, LastName FROM [{akvTableName}] WHERE FirstName = @firstName", - sqlConnection)) - { - SqlParameter customerFirstParam = sqlCommand.Parameters.AddWithValue(@"firstName", @"Microsoft"); - customerFirstParam.Direction = System.Data.ParameterDirection.Input; - customerFirstParam.ForceColumnEncryption = true; + // Test INPUT parameter on an encrypted parameter + using SqlCommand sqlCommand = new($"SELECT CustomerId, FirstName, LastName FROM [{akvTableName}] WHERE FirstName = @firstName", + sqlConnection); + SqlParameter customerFirstParam = sqlCommand.Parameters.AddWithValue(@"firstName", @"Microsoft"); + customerFirstParam.Direction = System.Data.ParameterDirection.Input; + customerFirstParam.ForceColumnEncryption = true; - SqlDataReader sqlDataReader = sqlCommand.ExecuteReader(); - sqlDataReader.Close(); + SqlDataReader sqlDataReader = sqlCommand.ExecuteReader(); + sqlDataReader.Close(); - SqlColumnEncryptionAzureKeyVaultProvider 
sqlColumnEncryptionAzureKeyVaultProvider = - new(new SqlClientCustomTokenCredential()); + SqlColumnEncryptionAzureKeyVaultProvider sqlColumnEncryptionAzureKeyVaultProvider = + new(new SqlClientCustomTokenCredential()); - Dictionary customProvider = new() + Dictionary customProvider = new() { { SqlColumnEncryptionAzureKeyVaultProvider.ProviderName, sqlColumnEncryptionAzureKeyVaultProvider } }; - // execute a query using provider from command-level cache. this will cache the cek in the local cek cache - sqlCommand.RegisterColumnEncryptionKeyStoreProvidersOnCommand(customProvider); - SqlDataReader sqlDataReader2 = sqlCommand.ExecuteReader(); - sqlDataReader2.Close(); - - // global cek cache and local cek cache are populated above - // when using a new per-command provider, it will only use its local cek cache - // the following query should fail due to an empty cek cache and invalid credentials - customProvider[SqlColumnEncryptionAzureKeyVaultProvider.ProviderName] = - new SqlColumnEncryptionAzureKeyVaultProvider(new ClientSecretCredential("tenant", "client", "secret")); - sqlCommand.RegisterColumnEncryptionKeyStoreProvidersOnCommand(customProvider); - Exception ex = Assert.Throws(() => sqlCommand.ExecuteReader()); - Assert.Contains("ClientSecretCredential authentication failed", ex.Message); - } - } + // execute a query using provider from command-level cache. 
this will cache the cek in the local cek cache + sqlCommand.RegisterColumnEncryptionKeyStoreProvidersOnCommand(customProvider); + SqlDataReader sqlDataReader2 = sqlCommand.ExecuteReader(); + sqlDataReader2.Close(); + + // global cek cache and local cek cache are populated above + // when using a new per-command provider, it will only use its local cek cache + // the following query should fail due to an empty cek cache and invalid credentials + customProvider[SqlColumnEncryptionAzureKeyVaultProvider.ProviderName] = + new SqlColumnEncryptionAzureKeyVaultProvider(new ClientSecretCredential("tenant", "client", "secret")); + sqlCommand.RegisterColumnEncryptionKeyStoreProvidersOnCommand(customProvider); + Exception ex = Assert.Throws(() => sqlCommand.ExecuteReader()); + Assert.Contains("ClientSecretCredential authentication failed", ex.Message); } - } } From 78a36bb6307215b9302d3a9c4e849f34d0be37a1 Mon Sep 17 00:00:00 2001 From: JRahnama Date: Fri, 18 Nov 2022 10:21:33 -0800 Subject: [PATCH 06/10] commit --- .../ManualTests/AlwaysEncrypted/AKVTests.cs | 62 ++++++++++--------- 1 file changed, 32 insertions(+), 30 deletions(-) diff --git a/src/Microsoft.Data.SqlClient/tests/ManualTests/AlwaysEncrypted/AKVTests.cs b/src/Microsoft.Data.SqlClient/tests/ManualTests/AlwaysEncrypted/AKVTests.cs index 525dbd4a90..d532d1d25f 100644 --- a/src/Microsoft.Data.SqlClient/tests/ManualTests/AlwaysEncrypted/AKVTests.cs +++ b/src/Microsoft.Data.SqlClient/tests/ManualTests/AlwaysEncrypted/AKVTests.cs 
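Review bot: `SqlDataReader sqlDataReader = sqlCommand.ExecuteReader(); sqlDataReader.Close();` and the matching `sqlDataReader2` pair close the reader by hand while every other disposable in the rewritten method now uses a `using` declaration; both readers exist only to populate the global and command-local CEK caches, so `using (sqlCommand.ExecuteReader()) { }` states that in one line and still releases the reader if `Close()` is skipped by an exception. A `using` declaration would be wrong here, because each reader must be closed before the next `ExecuteReader` on the same connection. Keeping the comment `// execute a query using provider from command-level cache. this will cache the cek in the local cek cache` above the second one preserves the explanation of why the query is run twice.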
@@ -14,13 +14,13 @@ namespace Microsoft.Data.SqlClient.ManualTesting.Tests.AlwaysEncrypted { public class AKVTest : IClassFixture { - private SQLSetupStrategyAzureKeyVault fixture; - private readonly string akvTableName; + private readonly SQLSetupStrategyAzureKeyVault _fixture; + private readonly string _akvTableName; public AKVTest(SQLSetupStrategyAzureKeyVault fixture) { - this.fixture = fixture; - akvTableName = fixture.AKVTestTable.Name; + _fixture = fixture; + _akvTableName = fixture.AKVTestTable.Name; // Disable the cache to avoid false failures. SqlConnection.ColumnEncryptionQueryMetadataCacheEnabled = false; 
@@ -29,24 +29,26 @@ public AKVTest(SQLSetupStrategyAzureKeyVault fixture) [ConditionalFact(typeof(DataTestUtility), nameof(DataTestUtility.AreConnStringSetupForAE), nameof(DataTestUtility.IsAKVSetupAvailable))] public void TestEncryptDecryptWithAKV() { - SqlConnectionStringBuilder builder = new(DataTestUtility.TCPConnectionStringHGSVBS); - builder.ColumnEncryptionSetting = SqlConnectionColumnEncryptionSetting.Enabled; - builder.AttestationProtocol = SqlConnectionAttestationProtocol.NotSpecified; - builder.EnclaveAttestationUrl = ""; - using SqlConnection sqlConnection = new SqlConnection(builder.ConnectionString); + SqlConnectionStringBuilder builder = new(DataTestUtility.TCPConnectionStringHGSVBS) + { + ColumnEncryptionSetting = SqlConnectionColumnEncryptionSetting.Enabled, + AttestationProtocol = SqlConnectionAttestationProtocol.NotSpecified, + EnclaveAttestationUrl = "" + }; + using SqlConnection sqlConnection = new (builder.ConnectionString); sqlConnection.Open(); - Customer customer = new Customer(45, "Microsoft", "Corporation"); + Customer customer = new(45, "Microsoft", "Corporation"); // Start a transaction and either commit or rollback based on the test variation. using (SqlTransaction sqlTransaction = sqlConnection.BeginTransaction()) { - DatabaseHelper.InsertCustomerData(sqlConnection, sqlTransaction, akvTableName, customer); + DatabaseHelper.InsertCustomerData(sqlConnection, sqlTransaction, _akvTableName, customer); sqlTransaction.Commit(); } // Test INPUT parameter on an encrypted parameter - using SqlCommand sqlCommand = new SqlCommand($"SELECT CustomerId, FirstName, LastName FROM [{akvTableName}] WHERE FirstName = @firstName", + using SqlCommand sqlCommand = new ($"SELECT CustomerId, FirstName, LastName FROM [{_akvTableName}] WHERE FirstName = @firstName", sqlConnection); SqlParameter customerFirstParam = sqlCommand.Parameters.AddWithValue(@"firstName", @"Microsoft"); customerFirstParam.Direction = System.Data.ParameterDirection.Input; 
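Review bot: `using SqlConnection sqlConnection = new (builder.ConnectionString);` and `using SqlCommand sqlCommand = new ($"SELECT …` put a space before the argument list, while the same hunk writes `Customer customer = new(45, …)` and `SqlConnectionStringBuilder builder = new(…)` without one, and the next hunk repeats the spaced form in `using SQLSetupStrategyCertStoreProvider certStoreFixture = new ();`. `dotnet format` would most likely normalize all of these; use `new(builder.ConnectionString)`, `new($"SELECT …")` and `new();` so the file reads consistently.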
@@ -60,34 +62,34 @@ public void TestEncryptDecryptWithAKV() [PlatformSpecific(TestPlatforms.Windows)] public void TestRoundTripWithAKVAndCertStoreProvider() { - using (SQLSetupStrategyCertStoreProvider certStoreFixture = new SQLSetupStrategyCertStoreProvider()) - { - byte[] plainTextColumnEncryptionKey = ColumnEncryptionKey.GenerateRandomBytes(ColumnEncryptionKey.KeySizeInBytes); - byte[] encryptedColumnEncryptionKeyUsingAKV = fixture.AkvStoreProvider.EncryptColumnEncryptionKey(DataTestUtility.AKVUrl, @"RSA_OAEP", plainTextColumnEncryptionKey); - byte[] columnEncryptionKeyReturnedAKV2Cert = certStoreFixture.CertStoreProvider.DecryptColumnEncryptionKey(certStoreFixture.CspColumnMasterKey.KeyPath, @"RSA_OAEP", encryptedColumnEncryptionKeyUsingAKV); - Assert.True(plainTextColumnEncryptionKey.SequenceEqual(columnEncryptionKeyReturnedAKV2Cert), @"Roundtrip failed"); - - // Try the opposite. - byte[] encryptedColumnEncryptionKeyUsingCert = certStoreFixture.CertStoreProvider.EncryptColumnEncryptionKey(certStoreFixture.CspColumnMasterKey.KeyPath, @"RSA_OAEP", plainTextColumnEncryptionKey); - byte[] columnEncryptionKeyReturnedCert2AKV = fixture.AkvStoreProvider.DecryptColumnEncryptionKey(DataTestUtility.AKVUrl, @"RSA_OAEP", encryptedColumnEncryptionKeyUsingCert); - Assert.True(plainTextColumnEncryptionKey.SequenceEqual(columnEncryptionKeyReturnedCert2AKV), @"Roundtrip failed"); - } + using SQLSetupStrategyCertStoreProvider certStoreFixture = new (); + byte[] plainTextColumnEncryptionKey = ColumnEncryptionKey.GenerateRandomBytes(ColumnEncryptionKey.KeySizeInBytes); + byte[] encryptedColumnEncryptionKeyUsingAKV = _fixture.AkvStoreProvider.EncryptColumnEncryptionKey(DataTestUtility.AKVUrl, @"RSA_OAEP", plainTextColumnEncryptionKey); + byte[] columnEncryptionKeyReturnedAKV2Cert = certStoreFixture.CertStoreProvider.DecryptColumnEncryptionKey(certStoreFixture.CspColumnMasterKey.KeyPath, @"RSA_OAEP", encryptedColumnEncryptionKeyUsingAKV); + 
Assert.True(plainTextColumnEncryptionKey.SequenceEqual(columnEncryptionKeyReturnedAKV2Cert), @"Roundtrip failed"); + + // Try the opposite. + byte[] encryptedColumnEncryptionKeyUsingCert = certStoreFixture.CertStoreProvider.EncryptColumnEncryptionKey(certStoreFixture.CspColumnMasterKey.KeyPath, @"RSA_OAEP", plainTextColumnEncryptionKey); + byte[] columnEncryptionKeyReturnedCert2AKV = _fixture.AkvStoreProvider.DecryptColumnEncryptionKey(DataTestUtility.AKVUrl, @"RSA_OAEP", encryptedColumnEncryptionKeyUsingCert); + Assert.True(plainTextColumnEncryptionKey.SequenceEqual(columnEncryptionKeyReturnedCert2AKV), @"Roundtrip failed"); } [ConditionalFact(typeof(DataTestUtility), nameof(DataTestUtility.AreConnStringSetupForAE), nameof(DataTestUtility.IsAKVSetupAvailable))] public void TestLocalCekCacheIsScopedToProvider() { - SqlConnectionStringBuilder builder = new(DataTestUtility.TCPConnectionStringHGSVBS); - builder.ColumnEncryptionSetting = SqlConnectionColumnEncryptionSetting.Enabled; - builder.AttestationProtocol = SqlConnectionAttestationProtocol.NotSpecified; - builder.EnclaveAttestationUrl = ""; + SqlConnectionStringBuilder builder = new(DataTestUtility.TCPConnectionStringHGSVBS) + { + ColumnEncryptionSetting = SqlConnectionColumnEncryptionSetting.Enabled, + AttestationProtocol = SqlConnectionAttestationProtocol.NotSpecified, + EnclaveAttestationUrl = "" + }; - using SqlConnection sqlConnection = new SqlConnection(builder.ConnectionString); + using SqlConnection sqlConnection = new(builder.ConnectionString); sqlConnection.Open(); // Test INPUT parameter on an encrypted parameter - using SqlCommand sqlCommand = new($"SELECT CustomerId, FirstName, LastName FROM [{akvTableName}] WHERE FirstName = @firstName", + using SqlCommand sqlCommand = new($"SELECT CustomerId, FirstName, LastName FROM [{_akvTableName}] WHERE FirstName = @firstName", sqlConnection); SqlParameter customerFirstParam = sqlCommand.Parameters.AddWithValue(@"firstName", @"Microsoft"); 
 customerFirstParam.Direction = System.Data.ParameterDirection.Input;
From d8b983ce66e20e3414fffd7d6e5e74d17cb2f128 Mon Sep 17 00:00:00 2001
From: JRahnama
Date: Fri, 18 Nov 2022 11:13:45 -0800
Subject: [PATCH 07/10] commit
---
 .../tests/ManualTests/AlwaysEncrypted/AKVTests.cs | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/Microsoft.Data.SqlClient/tests/ManualTests/AlwaysEncrypted/AKVTests.cs b/src/Microsoft.Data.SqlClient/tests/ManualTests/AlwaysEncrypted/AKVTests.cs
index d532d1d25f..b060d52064 100644
--- a/src/Microsoft.Data.SqlClient/tests/ManualTests/AlwaysEncrypted/AKVTests.cs
+++ b/src/Microsoft.Data.SqlClient/tests/ManualTests/AlwaysEncrypted/AKVTests.cs
@@ -117,8 +117,9 @@ public void TestLocalCekCacheIsScopedToProvider()
 customProvider[SqlColumnEncryptionAzureKeyVaultProvider.ProviderName] =
 new SqlColumnEncryptionAzureKeyVaultProvider(new ClientSecretCredential("tenant", "client", "secret"));
 sqlCommand.RegisterColumnEncryptionKeyStoreProvidersOnCommand(customProvider);
- Exception ex = Assert.Throws(() => sqlCommand.ExecuteReader());
- Assert.Contains("ClientSecretCredential authentication failed", ex.Message);
+ sqlCommand.ExecuteReader();
+ //Exception ex = Assert.Throws(() => sqlCommand.ExecuteReader());
+ //Assert.Contains("ClientSecretCredential authentication failed", ex.Message);
 }
 }
 }
From 979de4547e1dda0db525db941011b8f74a74a97a Mon Sep 17 00:00:00 2001
From: JRahnama
Date: Fri, 18 Nov 2022 11:33:20 -0800
Subject: [PATCH 08/10] commit
---
 .../tests/ManualTests/AlwaysEncrypted/AKVTests.cs | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/src/Microsoft.Data.SqlClient/tests/ManualTests/AlwaysEncrypted/AKVTests.cs b/src/Microsoft.Data.SqlClient/tests/ManualTests/AlwaysEncrypted/AKVTests.cs
index b060d52064..9509707efa 100644
--- a/src/Microsoft.Data.SqlClient/tests/ManualTests/AlwaysEncrypted/AKVTests.cs
+++ b/src/Microsoft.Data.SqlClient/tests/ManualTests/AlwaysEncrypted/AKVTests.cs
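Review bot: Replacing `Exception ex = Assert.Throws(() => sqlCommand.ExecuteReader());` with a bare `sqlCommand.ExecuteReader();` plus two commented-out lines removes the only assertion in `TestLocalCekCacheIsScopedToProvider`: after this hunk the test passes whether or not the second, deliberately misconfigured provider is able to reuse the CEK the first provider cached, which is exactly the isolation property the method name promises. Patch 08 restores an assertion, so the state is transient, but commented-out code should not be committed at all; if the original expectation no longer matches, the replacement assertion belongs in this same commit. The enclosing method starts outside the hunk.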
@@ -117,9 +117,8 @@ public void TestLocalCekCacheIsScopedToProvider()
 customProvider[SqlColumnEncryptionAzureKeyVaultProvider.ProviderName] =
 new SqlColumnEncryptionAzureKeyVaultProvider(new ClientSecretCredential("tenant", "client", "secret"));
 sqlCommand.RegisterColumnEncryptionKeyStoreProvidersOnCommand(customProvider);
- sqlCommand.ExecuteReader();
- //Exception ex = Assert.Throws(() => sqlCommand.ExecuteReader());
- //Assert.Contains("ClientSecretCredential authentication failed", ex.Message);
+ Exception ex = Assert.Throws(() => sqlCommand.ExecuteReader());
+ Assert.StartsWith("Failed to decrypt a column encryption key using key store provider", ex.InnerException.Message);
 }
 }
 }
From 94ce2c84a170a3a66b22bb3779f48d2bd8ec7610 Mon Sep 17 00:00:00 2001
From: JRahnama
Date: Fri, 18 Nov 2022 12:23:28 -0800
Subject: [PATCH 09/10] commit
---
 .../tests/ManualTests/AlwaysEncrypted/AKVTests.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/Microsoft.Data.SqlClient/tests/ManualTests/AlwaysEncrypted/AKVTests.cs b/src/Microsoft.Data.SqlClient/tests/ManualTests/AlwaysEncrypted/AKVTests.cs
index 9509707efa..d5b10a2e33 100644
--- a/src/Microsoft.Data.SqlClient/tests/ManualTests/AlwaysEncrypted/AKVTests.cs
+++ b/src/Microsoft.Data.SqlClient/tests/ManualTests/AlwaysEncrypted/AKVTests.cs
@@ -118,7 +118,7 @@ public void TestLocalCekCacheIsScopedToProvider()
 new SqlColumnEncryptionAzureKeyVaultProvider(new ClientSecretCredential("tenant", "client", "secret"));
 sqlCommand.RegisterColumnEncryptionKeyStoreProvidersOnCommand(customProvider);
 Exception ex = Assert.Throws(() => sqlCommand.ExecuteReader());
- Assert.StartsWith("Failed to decrypt a column encryption key using key store provider", ex.InnerException.Message);
+ Assert.StartsWith("The current credential is not configured to acquire tokens for tenent", ex.InnerException.Message);
 }
 }
 }
From e4d9b1b4111facdfc26fbf0d0f19838720068596 Mon Sep 17 00:00:00 2001
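Review bot: `ex.InnerException.Message` is dereferenced without a null check; if the failing `ExecuteReader` ever surfaces an exception with no inner exception, the test dies with a `NullReferenceException` instead of a readable assertion failure, so add `Assert.NotNull(ex.InnerException);` before the `Assert.StartsWith`. The expected text is also an Azure.Identity message rather than one owned by SqlClient, and the series itself rewrites it in patches 08, 09 and 10 ("Failed to decrypt…", "…for tenent", "…for tenant"), which shows how tightly it couples the test to a dependency's wording; asserting on the inner exception's type, or on the SqlClient-owned outer message, would survive an Azure.Identity upgrade. The generic argument of `Assert.Throws` is not visible on this page, so I cannot tell which outer exception type is being pinned. The final wording "not configured to acquire tokens for tenant" indicates a tenant mismatch rather than a rejected secret, which still proves the new provider went to Azure instead of the shared cache — worth a one-line comment so the next reader does not "fix" the credential.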
From: JRahnama
Date: Fri, 18 Nov 2022 13:15:36 -0800
Subject: [PATCH 10/10] commit
---
 .../tests/ManualTests/AlwaysEncrypted/AKVTests.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/Microsoft.Data.SqlClient/tests/ManualTests/AlwaysEncrypted/AKVTests.cs b/src/Microsoft.Data.SqlClient/tests/ManualTests/AlwaysEncrypted/AKVTests.cs
index d5b10a2e33..3f2b7a83fa 100644
--- a/src/Microsoft.Data.SqlClient/tests/ManualTests/AlwaysEncrypted/AKVTests.cs
+++ b/src/Microsoft.Data.SqlClient/tests/ManualTests/AlwaysEncrypted/AKVTests.cs
@@ -118,7 +118,7 @@ public void TestLocalCekCacheIsScopedToProvider()
 new SqlColumnEncryptionAzureKeyVaultProvider(new ClientSecretCredential("tenant", "client", "secret"));
 sqlCommand.RegisterColumnEncryptionKeyStoreProvidersOnCommand(customProvider);
 Exception ex = Assert.Throws(() => sqlCommand.ExecuteReader());
- Assert.StartsWith("The current credential is not configured to acquire tokens for tenent", ex.InnerException.Message);
+ Assert.StartsWith("The current credential is not configured to acquire tokens for tenant", ex.InnerException.Message);
 }
 }
 }