Details

    • Technical task
    • Resolution: Unresolved
    • Minor
    • None
    • None
    • None
    • 9223372036854775807

    Description

      In "Test Plan for Client-Side Encryption" in

      Test ‘lfs migrate/mirror’ of encrypted file.
      ‘lfs mirror’ actions known to be presently functional are the ‘create/resync/verify/write/read’ sequence, with and without the encryption key.

       

      If I test without encryption key lfs mirror read :

      # lfs mirror read --mirror-id=1 /mnt/lustre/vault/+ed0A1hnSFSvU9myM1ZHw9anVti9gRDhKf4r3fK6FNM
      lfs mirror read: cannot open '/mnt/lustre/vault/+ed0A1hnSFSvU9myM1ZHw9anVti9gRDhKf4r3fK6FNM': Required key not available
      Read the content of a specified mirror of a file. 

      This is the correct behavior - if there is no encryption key, then the user should not be able to read or write the data.

      We need to fix this in the test plan.

      Attachments

        Issue Links

          Activity

            [LU-15790] Fix mirror read/write in Test Plan for File Name Encryption Feature

            Correct, we are on the same page.

            sebastien Sebastien Buisson added a comment - Correct, we are on the same page.

            Sorry, I didn't notice that this was lfs mirror read", which definitely should not work without a key.

            adilger Andreas Dilger added a comment - Sorry, I didn't notice that this was lfs mirror read ", which definitely should not work without a key.

            Sebastien, I thought that lfs migrate and lfs mirror should work for encrypted files without the key (LU-14677), because they open the file with the magic open flags? These operations do not need to understand the file content, and can just read/write the encrypted data.

            adilger Andreas Dilger added a comment - Sebastien, I thought that lfs migrate and lfs mirror should work for encrypted files without the key ( LU-14677 ), because they open the file with the magic open flags? These operations do not need to understand the file content, and can just read/write the encrypted data.

            Please find attached fixed test plan Client-Side Encryption Feature Test Plan.docx

            sebastien Sebastien Buisson added a comment - Please find attached fixed test plan Client-Side Encryption Feature Test Plan.docx

            People

              wc-triage WC Triage
              okulachenko Oleg Kulachenko (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated: