Fix AKV keyword test for AE v2 behaviour (#1061)

* Master (#936) 5.6.0 RTW * 5.6.1 hotfix (#959) * Updated links and versions (#987) * Fixed AKV keyword tests for AE v2 * Added comment * Free proc cache before starting test * Fixed comment
2019-11-25 15:29:32 -08:00 · 2019-11-25 15:29:32 -08:00 · 48b048830d
parent b41135a850
commit 48b048830d
2 changed files with 58 additions and 5 deletions
--- a/test/functional/pdo_sqlsrv/pdo_ae_azure_key_vault_keywords.phpt
+++ b/test/functional/pdo_sqlsrv/pdo_ae_azure_key_vault_keywords.phpt
@ -48,6 +48,26 @@ $dataTypes = array("char(".SHORT_STRSIZE.")", "varchar(".SHORT_STRSIZE.")", "nva

 $tableName = "akv_comparison_table";

+// First determine if the server is AE v2 enabled
+$isEnclaveEnabled = false;
+$connectionOptions = "sqlsrv:Server=$server;Database=$databaseName";
+
+$conn = new PDO($connectionOptions, $uid, $pwd);
+if (!$conn) {
+    fatalError("Initial connection failed\n");
+} else {
+    $query = "SELECT [name], [value], [value_in_use] FROM sys.configurations WHERE [name] = 'column encryption enclave type';";
+    $stmt = $conn->query($query);
+    $info = $stmt->fetch();
+    if ($info['value'] == 1 and $info['value_in_use'] == 1) {
+        $isEnclaveEnabled = true;
+    }
+
+    $conn->query("DBCC FREEPROCCACHE");
+}
+
+unset($conn);
+
 // Test every combination of the keywords above.
 // Leave out good credentials to ensure that caching does not influence the
 // results. The cache timeout can only be changed with SQLSetConnectAttr, so
@ -117,8 +137,11 @@ for ($i = 0; $i < sizeof($columnEncryption); ++$i) {
                        unset($stmt);
                    } else {
                        // The INSERT query succeeded with bad credentials, which
-                        // should only happen when encryption is not enabled.
-                        if (isColEncrypted()) {
+                        // should only happen when 1. encryption is not enabled or
+                        // 2. when ColumnEncryption is set to something other than
+                        // enabled or disabled (i.e. $i == 2), and the server is
+                        // not enclave-enabled
+                        if (!(!isColEncrypted() or ($i == 2 and !$isEnclaveEnabled))) {
                            fatalError("Successful insertion with bad credentials\n");
                        }
                    }
@ -135,6 +158,7 @@ for ($i = 0; $i < sizeof($columnEncryption); ++$i) {
                            $errors,
                            array('CE258', '0'),
                            array('CE275', '0'),
+                            array('CE400', '0'),
                            array('IMSSP', '-85'),
                            array('IMSSP', '-86'),
                            array('IMSSP', '-87'),
@ -147,6 +171,7 @@ for ($i = 0; $i < sizeof($columnEncryption); ++$i) {
                            $errors,
                            array('CE258', '0'),
                            array('CE275', '0'),
+                            array('CE400', '0'),
                            array('IMSSP', '-85'),
                            array('IMSSP', '-86'),
                            array('IMSSP', '-87'),
--- a/test/functional/sqlsrv/sqlsrv_ae_azure_key_vault_keywords.phpt
+++ b/test/functional/sqlsrv/sqlsrv_ae_azure_key_vault_keywords.phpt
@ -47,6 +47,30 @@ $dataTypes = array("char(".SHORT_STRSIZE.")", "varchar(".SHORT_STRSIZE.")", "nva

 $tableName = "akv_comparison_table";

+// First determine if the server is AE v2 enabled
+$isEnclaveEnabled = false;
+$connectionOptions = array("CharacterSet"=>"UTF-8",
+                           "database"=>$databaseName,
+                           "uid"=>$uid,
+                           "pwd"=>$pwd,
+                           "ConnectionPooling"=>0);
+
+$conn = sqlsrv_connect($server, $connectionOptions);
+if (!$conn) {
+    fatalError("Initial connection failed\n");
+} else {
+    $query = "SELECT [name], [value], [value_in_use] FROM sys.configurations WHERE [name] = 'column encryption enclave type';";
+    $stmt = sqlsrv_query($conn, $query);
+    $info = sqlsrv_fetch_array($stmt);
+    if ($info['value'] == 1 and $info['value_in_use'] == 1) {
+        $isEnclaveEnabled = true;
+    }
+
+    sqlsrv_query($conn, "DBCC FREEPROCCACHE");
+}
+
+unset($conn);
+
 // Test every combination of the keywords above.
 // Leave out good credentials to ensure that caching does not influence the
 // results. The cache timeout can only be changed with SQLSetConnectAttr, so
@ -96,7 +120,8 @@ for ($i = 0; $i < sizeof($columnEncryption); ++$i) {
                        array('IMSSP','-110'),
                        array('IMSSP','-111'),
                        array('IMSSP','-112'),
-                        array('IMSSP','-113')
+                        array('IMSSP','-113'),
+                        array('CE400','0')
                    );
                } else {
                    $columns = array();
@ -148,8 +173,11 @@ for ($i = 0; $i < sizeof($columnEncryption); ++$i) {
                        sqlsrv_free_stmt($stmt);
                    } else {
                        // The INSERT query succeeded with bad credentials, which
-                        // should only happen when encryption is not enabled.
-                        if (AE\isDataEncrypted()) {
+                        // should only happen when 1. encryption is not enabled or
+                        // 2. when ColumnEncryption is set to something other than
+                        // enabled or disabled (i.e. $i == 2), and the server is
+                        // not enclave-enabled
+                        if (!(!AE\isDataEncrypted() or ($i == 2 and !$isEnclaveEnabled))) {
                            fatalError("Successful insertion with bad credentials\n");
                        }
                    }