Invoke-EncryptColumns NullReferencEexception (#14)

* more logging and setting default schema to null to fix things

* Comments and docs.

* Removed the default from the connection string.

Author: zippy1981

AlwaysEncryptedSample/Views/Home/Index.cshtml

@@ -3,7 +3,7 @@
 }
 
 <div class="jumbotron">
-    <h1>Alway Encrypted Sample App</h1>
+    <h1>Always Encrypted Sample App</h1>
     <p class="lead">Always Encrypted allows clients to encrypt sensitive data inside client applications and never reveal the encryption keys to SQL Server.</p>
     <p><a href="https://msdn.microsoft.com/en-us/library/mt163865.aspx" class="btn btn-primary btn-lg">Learn more &raquo;</a></p>
 </div>
@@ -12,7 +12,7 @@
     <div class="col-md-12">
         <h2>Getting started</h2>
         <p>
-            In order to encrypt the columns you need to run the Encryption.ps1 script in SolutionItems on the created database.
+            In order to encrypt the columns you need to run the <code lang="powershell">New-EncryptionKeys.ps1</code> and <code lang="powershell">Invoke-EncryptColumns.ps1</code> scripts in the project root folder on the created database.
         </p>
     </div>
 </div>

Invoke-EncryptColumns.ps1

@@ -4,10 +4,10 @@
 
 [cmdletbinding()]
 param(
-	[string] $ConnectionString = "Data Source=localhost,1433;Initial Catalog=AlwaysEncryptedSample;UID=sa;PWD=alwaysB3Encrypt1ng;Application Name=Encryption.ps1;Column Encryption Setting=enabled;",
+	[Parameter(Mandatory = $true, ValueFromPipeline = $true)] [string] $ConnectionString,
 	[string] $AuthSchema = 'Authentication',
 	[string] $AppSchema = 'Purchasing',
-	[string] $LoggingSchema = 'Logging',
+	[string] $LogSchema = 'Logging',
 	[string] $AuthColumnKeyName = "AuthColumnsKey",
 	[string] $AppColumnKeyName = "AppColumnsKey",
 	[string] $LogColumnKeyName = "LogColumnsKey",
@@ -18,6 +18,7 @@ param(
 
 try {
 	$smoDatabase = Get-SqlDatabase -ConnectionString $ConnectionString
+	$smoDatabase.DefaultSchema = $null # If we don't do this Set-SqlColumnEncryption will not respect the schema set by New-SqlColumnEncryptionSettings
 }
 catch {
 	Write-Error $_
@@ -27,19 +28,52 @@ catch {
 $encryptionChanges = @()
 
 # Change table [Authentication].[AspNetUsers]
-$encryptionChanges += New-SqlColumnEncryptionSettings -ColumnName "$($AuthSchema).AspNetUsers.SSN" -EncryptionType Randomized -EncryptionKey $AuthColumnKeyName
-
+if ($smoDatabase.ColumnEncryptionKeys[$AuthColumnKeyName].Length -Eq 0) {
+	Write-Warning "Authentication Column Encryption Key $AuthColumnKeyName does not exist."
+}
+elseif ($smoDatabase.Schemas[$AuthSchema].Length -eq 0) {
+	Write-Warning "Authentication Schema $AuthSchema does not exist."
+}
+else {
+	Write-Debug "Adding ColumnEncryptionSettings for Auth Column Key $AuthColumnKeyName."
+	$encryptionChanges += New-SqlColumnEncryptionSettings -ColumnName "$($AuthSchema).AspNetUsers.SSN" -EncryptionType Randomized -EncryptionKey $AuthColumnKeyName
+}
 
 # Change table [Purchasing].[CreditCards]
-$encryptionChanges += New-SqlColumnEncryptionSettings -ColumnName "$($AppSchema).CreditCards.CardNumber" -EncryptionType Randomized -EncryptionKey $AppColumnKeyName
-$encryptionChanges += New-SqlColumnEncryptionSettings -ColumnName "$($AppSchema).CreditCards.CCV" -EncryptionType Randomized -EncryptionKey $AppColumnKeyName
+if ($smoDatabase.ColumnEncryptionKeys[$AppColumnKeyName].Length -Eq 0) {
+	Write-Warning "Application Column Encryption Key $AppColumnKeyName does not exist."
+}
+elseif ($smoDatabase.Schemas[$AppSchema].Length -eq 0) {
+	Write-Warning "Application Schema $AppSchema does not exist."
+}
+else {
+	Write-Debug "Adding ColumnEncryptionSettings for App Column Key $AppColumnKeyName."
+	$encryptionChanges += New-SqlColumnEncryptionSettings -ColumnName "$($AppSchema).CreditCards.CardNumber" -EncryptionType Randomized -EncryptionKey $AppColumnKeyName
+	$encryptionChanges += New-SqlColumnEncryptionSettings -ColumnName "$($AppSchema).CreditCards.CCV" -EncryptionType Randomized -EncryptionKey $AppColumnKeyName
+}
 
 # Change table [Logging].[Log]
-$encryptionChanges += New-SqlColumnEncryptionSettings -ColumnName "$($LoggingSchema).Log.User" -EncryptionType Deterministic -EncryptionKey $LogColumnKeyName
-$encryptionChanges += New-SqlColumnEncryptionSettings -ColumnName "$($LoggingSchema).Log.ClientIP" -EncryptionType Deterministic -EncryptionKey $LogColumnKeyName
-
-Set-SqlColumnEncryption `
-    -ColumnEncryptionSettings $encryptionChanges `
-    -InputObject $smoDatabase `
-    -Script:$Script `
-    -LogFileDirectory $LogFileDirectory
+if ($smoDatabase.ColumnEncryptionKeys[$LogColumnKeyName].Length -Eq 0) {
+	Write-Warning "Logging Column Encryption Key $LogColumnKeyName does not exist."
+}
+elseif ($smoDatabase.Schemas[$LogSchema].Length -eq 0) {
+	Write-Warning "Logging Schema $LogSchema does not exist."
+}
+else {
+	Write-Debug "Adding ColumnEncryptionSettings for Log Column Key $LogColumnKeyName."
+	$encryptionChanges += New-SqlColumnEncryptionSettings -ColumnName "$($LogSchema).Log.User" -EncryptionType Deterministic -EncryptionKey $LogColumnKeyName
+	$encryptionChanges += New-SqlColumnEncryptionSettings -ColumnName "$($LogSchema).Log.ClientIP" -EncryptionType Deterministic -EncryptionKey $LogColumnKeyName
+}
+
+
+if ($encryptionChanges.Length -eq 0) {
+	Write-Warning "Could not find any column keys or schemas to encrypt."
+}
+else {
+	Write-Verbose "Applying Column Encryption to $($encryptionChanges.Length) column(s)."
+	Set-SqlColumnEncryption `
+		-ColumnEncryptionSettings $encryptionChanges `
+		-InputObject $smoDatabase `
+		-Script:$Script `
+		-LogFileDirectory $LogFileDirectory
+}

New-EncryptionKeys.ps1

@@ -4,7 +4,7 @@
 
 [cmdletbinding()]
 param(
-	[string] $ConnectionString = "Data Source=localhost,1433;Initial Catalog=AlwaysEncryptedSample;UID=sa;PWD=alwaysB3Encrypt1ng;Application Name=Encryption.ps1;Column Encryption Setting=enabled;",
+	[Parameter(Mandatory = $true, ValueFromPipeline = $true)] [string] $ConnectionString,
 	[string] $MasterKeyDNSName = "CN=Always Encrypted Sample Cert",
 	[switch] $RemoveExistingCerts,
 	[string] $MasterKeySQLName = "AlwaysEncryptedSampleCMK",
@@ -56,3 +56,4 @@ New-SqlColumnMasterKey -Name $MasterKeySQLName -InputObject $smoDatabase -Column
         -ColumnMasterKey $MasterKeySQLName `
         -Name $_ | Out-Null
 }
+