Uploaded image for project: 'Lustre'
  1. Lustre
  2. LU-13717 Client-side encryption - support file name encryption
  3. LU-15790

Fix mirror read/write in Test Plan for File Name Encryption Feature

Details

    • Technical task
    • Resolution: Unresolved
    • Minor
    • None
    • None
    • None
    • 9223372036854775807

    Description

      In "Test Plan for Client-Side Encryption" in

      Test ‘lfs migrate/mirror’ of encrypted file.
‘lfs mirror’ actions known to be presently functional are the ‘create/resync/verify/write/read’ sequence, with and without the encryption key.

       

      If I test without encryption key lfs mirror read :

      # lfs mirror read --mirror-id=1 /mnt/lustre/vault/+ed0A1hnSFSvU9myM1ZHw9anVti9gRDhKf4r3fK6FNM
lfs mirror read: cannot open '/mnt/lustre/vault/+ed0A1hnSFSvU9myM1ZHw9anVti9gRDhKf4r3fK6FNM': Required key not available
Read the content of a specified mirror of a file.

      This is the correct behavior - if there is no encryption key, then the user should not be able to read or write the data.

      We need to fix this in the test plan.

      Attachments

        Issue Links

          is related to

          Improvement - An improvement or enhancement to an existing feature or task. LU-14677 lfs migrate/mirror of encrypted files

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved
          mentioned in

          [Whamcloud Community Wiki] Page Page No Confluence page found with the given URL.

          [Whamcloud Community Wiki] Page Page No Confluence page found with the given URL.

          Activity

            [LU-15790] Fix mirror read/write in Test Plan for File Name Encryption Feature
            sebastien Sebastien Buisson added a comment -

            Correct, we are on the same page.

            sebastien Sebastien Buisson added a comment - Correct, we are on the same page.
            adilger Andreas Dilger added a comment -

            Sorry, I didn't notice that this was lfs mirror read", which definitely should not work without a key.

            adilger Andreas Dilger added a comment - Sorry, I didn't notice that this was lfs mirror read ", which definitely should not work without a key.
            adilger Andreas Dilger added a comment -

            Sebastien, I thought that lfs migrate and lfs mirror should work for encrypted files without the key (LU-14677), because they open the file with the magic open flags? These operations do not need to understand the file content, and can just read/write the encrypted data.

            adilger Andreas Dilger added a comment - Sebastien, I thought that lfs migrate and lfs mirror should work for encrypted files without the key ( LU-14677 ), because they open the file with the magic open flags? These operations do not need to understand the file content, and can just read/write the encrypted data.
            sebastien Sebastien Buisson added a comment -

            Please find attached fixed test plan Client-Side Encryption Feature Test Plan.docx

            sebastien Sebastien Buisson added a comment - Please find attached fixed test plan Client-Side Encryption Feature Test Plan.docx

            People

              wc-triage WC Triage
              okulachenko Oleg Kulachenko (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated: