diff --git a/test/functional/pdo_sqlsrv/MsCommon_mid-refactor.inc b/test/functional/pdo_sqlsrv/MsCommon_mid-refactor.inc index 3a16bd27..081d451c 100644 --- a/test/functional/pdo_sqlsrv/MsCommon_mid-refactor.inc +++ b/test/functional/pdo_sqlsrv/MsCommon_mid-refactor.inc @@ -92,6 +92,13 @@ function getDSN($sqlsrvserver, $database, $keywords = '', $disableCE = false) if ($keystore != "none" && !$disableCE) { $dsn .= "ColumnEncryption=Enabled;"; } + if ($keystore == "akv" && !$disableCE) { + if ($keyStoreAuthentication == "KeyVaultPassword") { + $dsn .= "KeyStoreAuthentication=$keyStoreAuthentication;KeyStorePrincipalId=$principalName;KeyStoreSecret=$AKVPassword;"; + } else if ($keyStoreAuthentication == "KeyVaultClientSecret") { + $dsn .= "KeyStoreAuthentication=$keyStoreAuthentication;KeyStorePrincipalId=$clientID;KeyStoreSecret=$AKVSecret;"; + } + } if ($keystore == "ksp" && !$disableCE) { $ksp_path = getKSPPath(); $ksp_name = KSP_NAME; diff --git a/test/functional/pdo_sqlsrv/MsSetup.inc b/test/functional/pdo_sqlsrv/MsSetup.inc index 7e98c673..e818dca0 100644 --- a/test/functional/pdo_sqlsrv/MsSetup.inc +++ b/test/functional/pdo_sqlsrv/MsSetup.inc @@ -44,9 +44,11 @@ $traceEnabled = false; $keystore = "none"; // key store provider, acceptable values are none, win, ksp, akv $dataEncrypted = false; // whether data is to be encrypted -$principalName = 'name'; -$clientID = 'clientid'; -$AKVPassword = 'password'; -$AKVSecret = 'secret'; +// for Azure Key Vault +$keyStoreAuthentication = 'KeyVaultPassword'; // can be KeyVaultPassword or KeyVaultClientSecret +$principalName = 'name'; // for use with KeyVaultPassword +$AKVPassword = 'password'; // for use with KeyVaultPassword +$clientID = 'clientid'; // for use with KeyVaultClientSecret +$AKVSecret = 'secret'; // for use with KeyVaultClientSecret ?> \ No newline at end of file diff --git a/test/functional/sqlsrv/MsHelper.inc b/test/functional/sqlsrv/MsHelper.inc index e0329855..e3ba3014 100644 --- a/test/functional/sqlsrv/MsHelper.inc +++ b/test/functional/sqlsrv/MsHelper.inc @@ -359,6 +359,17 @@ function connect($options = array(), $disableCE = false) if (isColEncrypted()) { $connectionOptions = array_merge($connectionOptions, array("ColumnEncryption" => "Enabled")); } + if ($keystore == 'akv') { + $akv_options = array("KeyStoreAuthentication"=>$keyStoreAuthentication); + if ($keyStoreAuthentication == 'KeyVaultPassword') { + $akv_options["KeyStorePrincipalId"] = $principalName; + $akv_options["KeyStoreSecret"] = $AKVPassword; + } else if ($keyStoreAuthentication == "KeyVaultClientSecret") { + $akv_options["KeyStorePrincipalId"] = $clientID; + $akv_options["KeyStoreSecret"] = $AKVSecret; + } + $connectionOptions = array_merge($connectionOptions, $akv_options); + } } $conn = sqlsrv_connect($server, $connectionOptions); if ($conn === false) { diff --git a/test/functional/sqlsrv/MsSetup.inc b/test/functional/sqlsrv/MsSetup.inc index 2707461c..8b71e4bc 100644 --- a/test/functional/sqlsrv/MsSetup.inc +++ b/test/functional/sqlsrv/MsSetup.inc @@ -44,9 +44,11 @@ if (isset($_ENV['MSSQL_SERVER']) || isset($_ENV['MSSQL_USER']) || isset($_ENV['M $keystore = "none"; // key store provider, acceptable values are none, win, ksp, akv $dataEncrypted = false; // whether data is to be encrypted -$principalName = 'name'; -$clientID = 'clientid'; -$AKVPassword = 'password'; -$AKVSecret = 'secret'; +// for Azure Key Vault +$keyStoreAuthentication = 'KeyVaultPassword'; // can be KeyVaultPassword or KeyVaultClientSecret +$principalName = 'name'; // for use with KeyVaultPassword +$AKVPassword = 'password'; // for use with KeyVaultPassword +$clientID = 'clientid'; // for use with KeyVaultClientSecret +$AKVSecret = 'secret'; // for use with KeyVaultClientSecret ?>