Fix AKV keyword test for AE v2 behaviour (#1061)

* Master (#936) 5.6.0 RTW * 5.6.1 hotfix (#959) * Updated links and versions (#987) * Fixed AKV keyword tests for AE v2 * Added comment * Free proc cache before starting test * Fixed comment
microsoft · Nov 25, 2019 · 48b0488 · 48b0488
1 parent b41135a
commit 48b0488
Show file tree

Hide file tree

Showing 2 changed files with 58 additions and 5 deletions.
diff --git a/test/functional/pdo_sqlsrv/pdo_ae_azure_key_vault_keywords.phpt b/test/functional/pdo_sqlsrv/pdo_ae_azure_key_vault_keywords.phpt
@@ -48,6 +48,26 @@ $dataTypes = array("char(".SHORT_STRSIZE.")", "varchar(".SHORT_STRSIZE.")", "nva
 
 $tableName = "akv_comparison_table";
 
+// First determine if the server is AE v2 enabled
+$isEnclaveEnabled = false;
+$connectionOptions = "sqlsrv:Server=$server;Database=$databaseName";
+
+$conn = new PDO($connectionOptions, $uid, $pwd);
+if (!$conn) {
+    fatalError("Initial connection failed\n");
+} else {
+    $query = "SELECT [name], [value], [value_in_use] FROM sys.configurations WHERE [name] = 'column encryption enclave type';";
+    $stmt = $conn->query($query);
+    $info = $stmt->fetch();
+    if ($info['value'] == 1 and $info['value_in_use'] == 1) {
+        $isEnclaveEnabled = true;
+    }
+
+    $conn->query("DBCC FREEPROCCACHE");
+}
+
+unset($conn);
+
 // Test every combination of the keywords above.
 // Leave out good credentials to ensure that caching does not influence the
 // results. The cache timeout can only be changed with SQLSetConnectAttr, so
@@ -117,8 +137,11 @@ for ($i = 0; $i < sizeof($columnEncryption); ++$i) {
                         unset($stmt);
                     } else {
                         // The INSERT query succeeded with bad credentials, which
-                        // should only happen when encryption is not enabled.
-                        if (isColEncrypted()) {
+                        // should only happen when 1. encryption is not enabled or
+                        // 2. when ColumnEncryption is set to something other than
+                        // enabled or disabled (i.e. $i == 2), and the server is
+                        // not enclave-enabled
+                        if (!(!isColEncrypted() or ($i == 2 and !$isEnclaveEnabled))) {
                             fatalError("Successful insertion with bad credentials\n");
                         }
                     }
@@ -135,6 +158,7 @@ for ($i = 0; $i < sizeof($columnEncryption); ++$i) {
                             $errors,
                             array('CE258', '0'),
                             array('CE275', '0'),
+                            array('CE400', '0'),
                             array('IMSSP', '-85'),
                             array('IMSSP', '-86'),
                             array('IMSSP', '-87'),
@@ -147,6 +171,7 @@ for ($i = 0; $i < sizeof($columnEncryption); ++$i) {
                             $errors,
                             array('CE258', '0'),
                             array('CE275', '0'),
+                            array('CE400', '0'),
                             array('IMSSP', '-85'),
                             array('IMSSP', '-86'),
                             array('IMSSP', '-87'),

diff --git a/test/functional/sqlsrv/sqlsrv_ae_azure_key_vault_keywords.phpt b/test/functional/sqlsrv/sqlsrv_ae_azure_key_vault_keywords.phpt
@@ -47,6 +47,30 @@ $dataTypes = array("char(".SHORT_STRSIZE.")", "varchar(".SHORT_STRSIZE.")", "nva
 
 $tableName = "akv_comparison_table";
 
+// First determine if the server is AE v2 enabled
+$isEnclaveEnabled = false;
+$connectionOptions = array("CharacterSet"=>"UTF-8",
+                           "database"=>$databaseName,
+                           "uid"=>$uid,
+                           "pwd"=>$pwd,
+                           "ConnectionPooling"=>0);
+
+$conn = sqlsrv_connect($server, $connectionOptions);
+if (!$conn) {
+    fatalError("Initial connection failed\n");
+} else {
+    $query = "SELECT [name], [value], [value_in_use] FROM sys.configurations WHERE [name] = 'column encryption enclave type';";
+    $stmt = sqlsrv_query($conn, $query);
+    $info = sqlsrv_fetch_array($stmt);
+    if ($info['value'] == 1 and $info['value_in_use'] == 1) {
+        $isEnclaveEnabled = true;
+    }
+
+    sqlsrv_query($conn, "DBCC FREEPROCCACHE");
+}
+
+unset($conn);
+
 // Test every combination of the keywords above.
 // Leave out good credentials to ensure that caching does not influence the
 // results. The cache timeout can only be changed with SQLSetConnectAttr, so
@@ -96,7 +120,8 @@ for ($i = 0; $i < sizeof($columnEncryption); ++$i) {
                         array('IMSSP','-110'),
                         array('IMSSP','-111'),
                         array('IMSSP','-112'),
-                        array('IMSSP','-113')
+                        array('IMSSP','-113'),
+                        array('CE400','0')
                     );
                 } else {
                     $columns = array();
@@ -148,8 +173,11 @@ for ($i = 0; $i < sizeof($columnEncryption); ++$i) {
                         sqlsrv_free_stmt($stmt);
                     } else {
                         // The INSERT query succeeded with bad credentials, which
-                        // should only happen when encryption is not enabled.
-                        if (AE\isDataEncrypted()) {
+                        // should only happen when 1. encryption is not enabled or
+                        // 2. when ColumnEncryption is set to something other than
+                        // enabled or disabled (i.e. $i == 2), and the server is
+                        // not enclave-enabled
+                        if (!(!AE\isDataEncrypted() or ($i == 2 and !$isEnclaveEnabled))) {
                             fatalError("Successful insertion with bad credentials\n");
                         }
                     }