Client-side encryption - support file name encryption
(LU-13717)
|
|
| Status: | Open |
| Project: | Lustre |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Technical task | Priority: | Minor |
| Reporter: | Oleg Kulachenko (Inactive) | Assignee: | WC Triage |
| Resolution: | Unresolved | Votes: | 0 |
| Labels: | None | ||
| Attachments: |
Client-Side Encryption Feature Test Plan.docx
|
||||||||
| Issue Links: |
|
||||||||
| Rank (Obsolete): | 9223372036854775807 | ||||||||
| Description |
|
In "Test Plan for Client-Side Encryption" in Test ‘lfs migrate/mirror’ of encrypted file. ‘lfs mirror’ actions known to be presently functional are the ‘create/resync/verify/write/read’ sequence, with and without the encryption key.
If I test without encryption key lfs mirror read :
# lfs mirror read --mirror-id=1 /mnt/lustre/vault/+ed0A1hnSFSvU9myM1ZHw9anVti9gRDhKf4r3fK6FNM
lfs mirror read: cannot open '/mnt/lustre/vault/+ed0A1hnSFSvU9myM1ZHw9anVti9gRDhKf4r3fK6FNM': Required key not available
Read the content of a specified mirror of a file.
This is the correct behavior - if there is no encryption key, then the user should not be able to read or write the data. We need to fix this in the test plan. |
| Comments |
| Comment by Sebastien Buisson [ 27/Apr/22 ] |
|
Please find attached fixed test plan Client-Side Encryption Feature Test Plan.docx |
| Comment by Andreas Dilger [ 27/Apr/22 ] |
|
Sebastien, I thought that lfs migrate and lfs mirror should work for encrypted files without the key ( |
| Comment by Andreas Dilger [ 27/Apr/22 ] |
|
Sorry, I didn't notice that this was lfs mirror read", which definitely should not work without a key. |
| Comment by Sebastien Buisson [ 27/Apr/22 ] |
|
Correct, we are on the same page. |
[LU-15790] 