Merge pull request #141 from fonsecamar/main

markjbrown · web-flow · commit 71f4b0e8977d · 2024-09-06T12:53:55.000-07:00
Mongo Source CSFLE support and Cosmos NoSQL Always Encrypted support
diff --git a/Core/Cosmos.DataTransfer.Core/Cosmos.DataTransfer.Core.csproj b/Core/Cosmos.DataTransfer.Core/Cosmos.DataTransfer.Core.csproj
@@ -19,8 +19,8 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Azure.Core" Version="1.36.0" />
-    <PackageReference Include="Microsoft.Data.SqlClient" Version="5.2.0" />
+    <PackageReference Include="Azure.Core" Version="1.38.0" />
+    <PackageReference Include="Microsoft.Data.SqlClient" Version="5.2.2" />
     <PackageReference Include="Microsoft.Extensions.Configuration.UserSecrets" Version="6.0.1" />
     <PackageReference Include="Microsoft.Extensions.Hosting" Version="6.0.1" />
     <PackageReference Include="Microsoft.Extensions.Logging.Console" Version="6.0.0" />
diff --git a/Extensions/Cosmos/Cosmos.DataTransfer.CosmosExtension/Cosmos.DataTransfer.CosmosExtension.csproj b/Extensions/Cosmos/Cosmos.DataTransfer.CosmosExtension/Cosmos.DataTransfer.CosmosExtension.csproj
@@ -8,8 +8,10 @@
 	</PropertyGroup>
 
 	<ItemGroup>
-		<PackageReference Include="Azure.Identity" Version="1.10.3" />
+		<PackageReference Include="Azure.Identity" Version="1.11.4" />
+		<PackageReference Include="Azure.Security.KeyVault.Keys" Version="4.6.0" />
 		<PackageReference Include="Microsoft.Azure.Cosmos" Version="3.34.0" />
+		<PackageReference Include="Microsoft.Azure.Cosmos.Encryption" Version="2.0.3" />
 		<PackageReference Include="Microsoft.Extensions.Configuration" Version="6.0.1" />
 		<PackageReference Include="Microsoft.Extensions.Configuration.Abstractions" Version="6.0.0" />
 		<PackageReference Include="Microsoft.Extensions.Configuration.Binder" Version="6.0.0" />
diff --git a/Extensions/Cosmos/Cosmos.DataTransfer.CosmosExtension/CosmosDataSinkExtension.cs b/Extensions/Cosmos/Cosmos.DataTransfer.CosmosExtension/CosmosDataSinkExtension.cs
@@ -5,6 +5,7 @@
 using System.Text;
 using Cosmos.DataTransfer.Interfaces;
 using Microsoft.Azure.Cosmos;
+using Microsoft.Azure.Cosmos.Encryption;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.Logging;
 using Newtonsoft.Json;
@@ -28,7 +29,14 @@ public async Task WriteAsync(IAsyncEnumerable<IDataItem> dataItems, IConfigurati
             Container? container;
             if (settings.UseRbacAuth)
             {
-                container = client.GetContainer(settings.Database, settings.Container);
+                if (settings.InitClientEncryption)
+                {
+                    container = await client.GetContainer(settings.Database, settings.Container).InitializeEncryptionAsync();
+                }
+                else
+                {
+                    container = client.GetContainer(settings.Database, settings.Container);
+                }
             }
             else
             {
@@ -94,7 +102,7 @@ void ReportCount(int i)
             }
 
             var convertedObjects = dataItems
-                .Select(di => di.BuildDynamicObjectTree(requireStringId: true, ignoreNullValues: settings.IgnoreNullValues, preserveMixedCaseIds: settings.PreserveMixedCaseIds))
+                .Select(di => di.BuildDynamicObjectTree(requireStringId: true, ignoreNullValues: settings.IgnoreNullValues, preserveMixedCaseIds: settings.PreserveMixedCaseIds, transformations: settings.Transformations))
                 .Where(o => o != null)
                 .OfType<ExpandoObject>();
             var batches = convertedObjects.Buffer(settings.BatchSize);
diff --git a/Extensions/Cosmos/Cosmos.DataTransfer.CosmosExtension/CosmosDataSourceExtension.cs b/Extensions/Cosmos/Cosmos.DataTransfer.CosmosExtension/CosmosDataSourceExtension.cs
@@ -2,6 +2,7 @@
 using System.Runtime.CompilerServices;
 using Cosmos.DataTransfer.Interfaces;
 using Microsoft.Azure.Cosmos;
+using Microsoft.Azure.Cosmos.Encryption;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.Logging;
 
@@ -19,8 +20,17 @@ public async IAsyncEnumerable<IDataItem> ReadAsync(IConfiguration config, ILogge
 
             var client = CosmosExtensionServices.CreateClient(settings, DisplayName);
 
-            var container = client.GetContainer(settings.Database, settings.Container);
+            Container container;
             
+            if(settings.InitClientEncryption)
+            {
+                container = await client.GetContainer(settings.Database, settings.Container).InitializeEncryptionAsync();
+            }
+            else
+            {
+                container = client.GetContainer(settings.Database, settings.Container);
+            }
+
             await CosmosExtensionServices.VerifyContainerAccess(container, settings.Container, logger, cancellationToken);
 
             var requestOptions = new QueryRequestOptions();
diff --git a/Extensions/Cosmos/Cosmos.DataTransfer.CosmosExtension/CosmosExtensionServices.cs b/Extensions/Cosmos/Cosmos.DataTransfer.CosmosExtension/CosmosExtensionServices.cs
@@ -6,6 +6,8 @@
 using System.Reflection;
 using Azure.Core;
 using System.Text.RegularExpressions;
+using Microsoft.Azure.Cosmos.Encryption;
+using Azure.Security.KeyVault.Keys.Cryptography;
 using System.Net;
 
 namespace Cosmos.DataTransfer.CosmosExtension
@@ -41,7 +43,17 @@ public static CosmosClient CreateClient(CosmosSettingsBase settings, string disp
             if (settings.UseRbacAuth)
             {
                 TokenCredential tokenCredential = new DefaultAzureCredential(includeInteractiveCredentials: settings.EnableInteractiveCredentials);
-                cosmosClient = new CosmosClient(settings.AccountEndpoint, tokenCredential, clientOptions);
+
+                if(settings.InitClientEncryption)
+                {
+                    var keyResolver = new KeyResolver(tokenCredential);
+                    cosmosClient = new CosmosClient(settings.AccountEndpoint, tokenCredential, clientOptions)
+                        .WithEncryption(keyResolver, KeyEncryptionKeyResolverName.AzureKeyVault);
+                }
+                else
+                {
+                    cosmosClient = new CosmosClient(settings.AccountEndpoint, tokenCredential, clientOptions);
+                }
             }
             else
             {
diff --git a/Extensions/Cosmos/Cosmos.DataTransfer.CosmosExtension/CosmosSettingsBase.cs b/Extensions/Cosmos/Cosmos.DataTransfer.CosmosExtension/CosmosSettingsBase.cs
@@ -15,6 +15,7 @@ public abstract class CosmosSettingsBase : IValidatableObject
         public bool UseRbacAuth { get; set; }
         public string? AccountEndpoint { get; set; }
         public bool EnableInteractiveCredentials { get; set; } = true;
+        public bool InitClientEncryption { get; set; } = false;
 
         public virtual IEnumerable<ValidationResult> Validate(ValidationContext validationContext)
         {
@@ -26,6 +27,10 @@ public virtual IEnumerable<ValidationResult> Validate(ValidationContext validati
             {
                 yield return new ValidationResult("AccountEndpoint must be specified when UseRbacAuth is true", new[] { nameof(AccountEndpoint) });
             }
+            if (!UseRbacAuth && InitClientEncryption)
+            {
+                yield return new ValidationResult("InitClientEncryption can only be used when UseRbacAuth is true", new[] { nameof(InitClientEncryption) });
+            }
         }
     }
 }
diff --git a/Extensions/Cosmos/Cosmos.DataTransfer.CosmosExtension/CosmosSinkSettings.cs b/Extensions/Cosmos/Cosmos.DataTransfer.CosmosExtension/CosmosSinkSettings.cs
@@ -18,6 +18,7 @@ public class CosmosSinkSettings : CosmosSettingsBase, IDataExtensionSettings
         public DataWriteMode WriteMode { get; set; } = DataWriteMode.Insert;
         public bool IgnoreNullValues { get; set; } = false;
         public List<string>? PartitionKeyPaths { get; set; }
+        public Dictionary<string, DataItemTransformation>? Transformations { get; set; }
 
         public override IEnumerable<ValidationResult> Validate(ValidationContext validationContext)
         {
@@ -58,6 +59,11 @@ public override IEnumerable<ValidationResult> Validate(ValidationContext validat
             {
                 yield return new ValidationResult("PartitionKeyPath must be specified when WriteMode is set to InsertStream or UpsertStream", new[] { nameof(PartitionKeyPath), nameof(PartitionKeyPaths), nameof(WriteMode) });
             }
+
+            if (HasInvalidTransformations())
+            {
+                yield return new ValidationResult("Transformations must always specify SourceFieldName and either DestinationFieldName or DestinationFieldType", new[] { nameof(Transformations) });
+            }
         }
 
         private bool MissingPartitionKeys()
@@ -70,5 +76,11 @@ private bool MissingPartitionKeys()
 
             return true;
         }
+
+        private bool HasInvalidTransformations()
+        {
+            return Transformations != null && 
+                Transformations.Any(t => string.IsNullOrEmpty(t.Value.DestinationFieldName) && string.IsNullOrEmpty(t.Value.DestinationFieldTypeCode));
+        }
     }
 }
diff --git a/Extensions/Cosmos/README.md b/Extensions/Cosmos/README.md
@@ -16,6 +16,14 @@ Source and sink settings also both require parameters to specify the data locati
 
 Source supports an optional `IncludeMetadataFields` parameter (`false` by default) to enable inclusion of built-in Cosmos fields prefixed with `"_"`, for example `"_etag"` and `"_ts"`. An optional PartitionKeyValue setting allows for filtering to a single partition. The optional Query setting allows further filtering using a Cosmos SQL statement. An optional `WebProxy` parameter (`null` by default) enables connections through a proxy.
 
+### Always Encrypted
+
+Source and Sink support Always Encrypted as an optional parameter. When `InitClientEncryption` is set to `true`, the extension will initialize the Cosmos client with the Always Encrypted feature enabled. This allows for the use of encrypted fields in the Cosmos DB container. The extension will automatically decrypt the fields when reading from the source and encrypt the fields when writing to the sink. 
+</br>
+The extension will also automatically handle the encryption keys and encryption policy for the client, but it requires `UseRbacAuth` to be set to `true` and the user to have the necessary permissions to access the key vault.
+</br>
+> **Note**: To use Always Encrypted, Cosmos DB container must be pre-configured with the necessary encryption policy and the user must have the necessary permissions to access the key vault.
+
 ### Source
 
 ```json
@@ -42,6 +50,7 @@ Or with RBAC:
     "IncludeMetadataFields": false,
     "PartitionKeyValue":"123",
     "Query":"SELECT * FROM c WHERE c.category='event'",
+    "InitClientEncryption": false
     "WebProxy":"http://yourproxy.server.com/"
 }
 ```
@@ -67,6 +76,7 @@ Sink requires an additional `PartitionKeyPath` parameter which is used when crea
     "PreserveMixedCaseIds": false,
     "IgnoreNullValues": false,
     "IsServerlessAccount": false,
-    "UseSharedThroughput": false
+    "UseSharedThroughput": false,
+    "InitClientEncryption": false
 }
 ```
diff --git a/Extensions/Mongo/Cosmos.DataTransfer.MongoExtension/Context.cs b/Extensions/Mongo/Cosmos.DataTransfer.MongoExtension/Context.cs
@@ -1,13 +1,15 @@
 ﻿using MongoDB.Bson;
 using MongoDB.Driver;
 using MongoDB.Driver.Core.Events;
+using MongoDB.Driver.Encryption;
 
 namespace Cosmos.DataTransfer.MongoExtension;
 public class Context
 {
     private readonly IMongoDatabase database = null!;
 
-    public Context(string connectionString, string databaseName)
+    public Context(string connectionString, string databaseName, 
+        string? keyVaultNamespace = null, Dictionary<string, IReadOnlyDictionary<string, object>>? kmsProviders = null)
     {
         var mongoConnectionUrl = new MongoUrl(connectionString);
         var mongoClientSettings = MongoClientSettings.FromUrl(mongoConnectionUrl);
@@ -16,6 +18,16 @@ public Context(string connectionString, string databaseName)
                 System.Diagnostics.Debug.WriteLine($"{e.CommandName} - {e.Command.ToJson()}");
             });
         };
+
+        if(!string.IsNullOrEmpty(keyVaultNamespace) && kmsProviders?.Count != 0)
+        {
+            var autoEncryptionOptions = new AutoEncryptionOptions(
+                        keyVaultNamespace: CollectionNamespace.FromFullName(keyVaultNamespace),
+                        kmsProviders: kmsProviders,
+                        bypassAutoEncryption: true);
+            mongoClientSettings.AutoEncryptionOptions = autoEncryptionOptions;
+        }
+
         var client = new MongoClient(mongoClientSettings);
         database = client.GetDatabase(databaseName);
     }
diff --git a/Extensions/Mongo/Cosmos.DataTransfer.MongoExtension/MongoDataSourceExtension.cs b/Extensions/Mongo/Cosmos.DataTransfer.MongoExtension/MongoDataSourceExtension.cs
@@ -19,7 +19,7 @@ public async IAsyncEnumerable<IDataItem> ReadAsync(IConfiguration config, ILogge
 
         if (!string.IsNullOrEmpty(settings.ConnectionString) && !string.IsNullOrEmpty(settings.DatabaseName))
         {
-            var context = new Context(settings.ConnectionString, settings.DatabaseName);
+            var context = new Context(settings.ConnectionString, settings.DatabaseName, settings.KeyVaultNamespace, settings.KMSProviders);
 
             var collectionNames = !string.IsNullOrEmpty(settings.Collection)
                 ? new List<string> { settings.Collection }
@@ -40,7 +40,7 @@ public async IAsyncEnumerable<IDataItem> EnumerateCollectionAsync(Context contex
         logger.LogInformation("Reading collection '{Collection}'", collectionName);
         var collection = context.GetRepository<BsonDocument>(collectionName);
         int itemCount = 0;
-        foreach (var record in collection.AsQueryable())
+        foreach (var record in await Task.Run(() => collection.AsQueryable()))
         {
             yield return new MongoDataItem(record);
             itemCount++;
diff --git a/Extensions/Mongo/Cosmos.DataTransfer.MongoExtension/Settings/MongoSourceSettings.cs b/Extensions/Mongo/Cosmos.DataTransfer.MongoExtension/Settings/MongoSourceSettings.cs
@@ -1,5 +1,12 @@
-﻿namespace Cosmos.DataTransfer.MongoExtension.Settings;
+﻿using Cosmos.DataTransfer.Interfaces.Manifest;
+
+namespace Cosmos.DataTransfer.MongoExtension.Settings;
 public class MongoSourceSettings : MongoBaseSettings
 {
     public string? Collection { get; set; }
+
+    [SensitiveValue]
+    public Dictionary<string, IReadOnlyDictionary<string, object>>? KMSProviders { get; set; }
+
+    public string? KeyVaultNamespace { get; set; }
 }
diff --git a/Extensions/Mongo/README.md b/Extensions/Mongo/README.md
@@ -13,7 +13,7 @@ Source and sink settings require both `ConnectionString` and `DatabaseName` para
 ```json
 {
     "ConnectionString": "",
-    "DatabaseName: "",
+    "DatabaseName": "",
     "Collection": ""
 }
 ```
@@ -23,7 +23,7 @@ Source and sink settings require both `ConnectionString` and `DatabaseName` para
 ```json
 {
     "ConnectionString": "",
-    "DatabaseName: "",
+    "DatabaseName": "",
     "Collection": ""
 }
 ```
@@ -36,10 +36,37 @@ The MongoDB Vector extension is a Sink only extension that builds on the MongoDB
 
 ## Settings
 
-The settings are based on the MongoDB extension settings with additional parameters for generating embeddings.
+### Additional Source Settings
+
+If using CSFLE (Client Side Field Level Encryption), source sink supports autodecryption providing the following parameters:
+
+- `KeyVaultNamespace`: Database and collection holding the Key Vault and Keys details. Format: `database.collection`
+- `KMSProviders`: Key Management Service providers for the Key Vault. For Azure Key Vault support, the following parameters are required:
+  - `tenantId`: The Azure Active Directory tenant ID
+  - `clientId`: The Azure Active Directory application client ID
+  - `clientSecret`: The Azure Active Directory application client secret
+
+```json
+{
+    "ConnectionString": "",
+    "DatabaseName": "",
+    "Collection": "",
+    "KeyVaultNamespace": "",
+    "KMSProviders": {
+		"azure": {
+			"tenantId": "",
+			"clientId": "",
+			"clientSecret": ""
+		}
+	}
+}
+```
+
 
 ### Additional Sink Settings
 
+The settings are based on the MongoDB extension settings with additional parameters for generating embeddings.
+
 The sink settings require the following additional parameters:
 
 - `GenerateEmbedding`: If set to true, the sink will generate embeddings for the records before writing them to the database. The sink requires the `OpenAIUrl`, `OpenAIKey`, and `OpenAIDeploymentModel` parameters to be set. Following paramaters are required if this is true
@@ -52,7 +79,7 @@ The sink settings require the following additional parameters:
 ```json
 {
     "ConnectionString": "",
-    "DatabaseName: "",
+    "DatabaseName": "",
     "Collection": "",
     "BatchSize: 100,
     "GenerateEmbedding": true | false
diff --git a/Interfaces/Cosmos.DataTransfer.Interfaces/DataItemExtensions.cs b/Interfaces/Cosmos.DataTransfer.Interfaces/DataItemExtensions.cs
@@ -11,9 +11,10 @@ public static class DataItemExtensions
     /// <param name="requireStringId">If true, adds a new GUID "id" field to any top level items where one is not already present.</param>
     /// <param name="ignoreNullValues">If true, excludes fields containing null values from output.</param>
     /// <param name="preserveMixedCaseIds">If true, disregards differently cased "id" fields for purposes of required "id" and passes them through.</param>
+    /// <param name="transformations">List of transformations to be performed</param>
     /// <returns>A dynamic object containing the entire data structure.</returns>
     /// <remarks>The returned ExpandoObject can be used directly as an IDictionary.</remarks>
-    public static ExpandoObject? BuildDynamicObjectTree(this IDataItem? source, bool requireStringId = false, bool ignoreNullValues = false, bool preserveMixedCaseIds = false)
+    public static ExpandoObject? BuildDynamicObjectTree(this IDataItem? source, bool requireStringId = false, bool ignoreNullValues = false, bool preserveMixedCaseIds = false, Dictionary<string, DataItemTransformation>? transformations = null)
     {
         if (source == null) 
         {
@@ -31,11 +32,12 @@ public static class DataItemExtensions
          */
         var containsLowercaseIdField = fields.Contains("id", StringComparer.CurrentCulture);
         var containsAnyIdField = fields.Contains("id", StringComparer.CurrentCultureIgnoreCase);
+        var containsIdIdFieldTransformation = transformations?.Values.Any(t => t.DestinationFieldName?.ToLowerInvariant() == "id") ?? false;
 
         if (requireStringId)
         {
             bool mismatchedIdCasing = preserveMixedCaseIds && !containsLowercaseIdField;
-            if (!containsAnyIdField || mismatchedIdCasing)
+            if ((!containsAnyIdField || mismatchedIdCasing) && !containsIdIdFieldTransformation)
             {
                 item.TryAdd("id", Guid.NewGuid().ToString());
             }
@@ -44,12 +46,16 @@ public static class DataItemExtensions
         foreach (string field in fields)
         {
             object? value = source.GetValue(field);
+
             if (ignoreNullValues && value == null) 
             {
                 continue;
             }
 
-            var fieldName = field;
+            DataItemTransformation? itemTransformation = null;
+            transformations?.TryGetValue(field, out itemTransformation);
+
+            var fieldName = itemTransformation?.DestinationFieldName ?? field;
             if (requireStringId && string.Equals(field, "id", StringComparison.CurrentCultureIgnoreCase))
             {
                 if (preserveMixedCaseIds)
@@ -78,7 +84,15 @@ public static class DataItemExtensions
                 value = BuildArray(array, ignoreNulls: ignoreNullValues);
             }
 
-            item.TryAdd(fieldName, value);
+            if(string.IsNullOrEmpty(itemTransformation?.DestinationFieldTypeCode))
+            {
+                item.TryAdd(fieldName, value);
+            }
+            else
+            {
+                Enum.TryParse<TypeCode>(itemTransformation.DestinationFieldTypeCode, true, out TypeCode typeCode);
+                item.TryAdd(fieldName, Convert.ChangeType(value, typeCode));
+            }
         }
 
         return item;
diff --git a/Interfaces/Cosmos.DataTransfer.Interfaces/DataItemTransformation.cs b/Interfaces/Cosmos.DataTransfer.Interfaces/DataItemTransformation.cs
@@ -0,0 +1,8 @@
+﻿namespace Cosmos.DataTransfer.Interfaces
+{
+    public class DataItemTransformation
+    {
+        public string? DestinationFieldName { get; set; }
+        public string? DestinationFieldTypeCode { get; set; }
+    }
+}

Original file line number	Diff line number	Diff line change
`@@ -15,6 +15,7 @@ public abstract class CosmosSettingsBase : IValidatableObject`
`15`	`15`	`public bool UseRbacAuth { get; set; }`
`16`	`16`	`public string? AccountEndpoint { get; set; }`
`17`	`17`	`public bool EnableInteractiveCredentials { get; set; } = true;`
	`18`	`+ public bool InitClientEncryption { get; set; } = false;`
`18`	`19`
`19`	`20`	`public virtual IEnumerable<ValidationResult> Validate(ValidationContext validationContext)`
`20`	`21`	`{`
`@@ -26,6 +27,10 @@ public virtual IEnumerable<ValidationResult> Validate(ValidationContext validati`
`26`	`27`	`{`
`27`	`28`	`yield return new ValidationResult("AccountEndpoint must be specified when UseRbacAuth is true", new[] { nameof(AccountEndpoint) });`
`28`	`29`	`}`
	`30`	`+ if (!UseRbacAuth && InitClientEncryption)`
	`31`	`+ {`
	`32`	`+ yield return new ValidationResult("InitClientEncryption can only be used when UseRbacAuth is true", new[] { nameof(InitClientEncryption) });`
	`33`	`+ }`
`29`	`34`	`}`
`30`	`35`	`}`
`31`	`36`	`}`
Original file line number	Diff line number	Diff line change
`@@ -18,6 +18,7 @@ public class CosmosSinkSettings : CosmosSettingsBase, IDataExtensionSettings`
`18`	`18`	`public DataWriteMode WriteMode { get; set; } = DataWriteMode.Insert;`
`19`	`19`	`public bool IgnoreNullValues { get; set; } = false;`
`20`	`20`	`public List<string>? PartitionKeyPaths { get; set; }`
	`21`	`+ public Dictionary<string, DataItemTransformation>? Transformations { get; set; }`
`21`	`22`
`22`	`23`	`public override IEnumerable<ValidationResult> Validate(ValidationContext validationContext)`
`23`	`24`	`{`
`@@ -58,6 +59,11 @@ public override IEnumerable<ValidationResult> Validate(ValidationContext validat`
`58`	`59`	`{`
`59`	`60`	`yield return new ValidationResult("PartitionKeyPath must be specified when WriteMode is set to InsertStream or UpsertStream", new[] { nameof(PartitionKeyPath), nameof(PartitionKeyPaths), nameof(WriteMode) });`
`60`	`61`	`}`
	`62`	`+`
	`63`	`+ if (HasInvalidTransformations())`
	`64`	`+ {`
	`65`	`+ yield return new ValidationResult("Transformations must always specify SourceFieldName and either DestinationFieldName or DestinationFieldType", new[] { nameof(Transformations) });`
	`66`	`+ }`
`61`	`67`	`}`
`62`	`68`
`63`	`69`	`private bool MissingPartitionKeys()`
`@@ -70,5 +76,11 @@ private bool MissingPartitionKeys()`
`70`	`76`
`71`	`77`	`return true;`
`72`	`78`	`}`
	`79`	`+`
	`80`	`+ private bool HasInvalidTransformations()`
	`81`	`+ {`
	`82`	`+ return Transformations != null &&`
	`83`	`+ Transformations.Any(t => string.IsNullOrEmpty(t.Value.DestinationFieldName) && string.IsNullOrEmpty(t.Value.DestinationFieldTypeCode));`
	`84`	`+ }`
`73`	`85`	`}`
`74`	`86`	`}`