#!/bin/ksh -p # # CDDL HEADER START # # This file and its contents are supplied under the terms of the # Common Development and Distribution License ("CDDL"), version 1.0. # You may only use this file in accordance with the terms of version # 1.0 of the CDDL. # # A full copy of the text of the CDDL should have accompanied this # source. A copy of the CDDL is also available via the Internet at # http://www.illumos.org/license/CDDL. # # CDDL HEADER END # # # Copyright (c) 2017, Datto, Inc. All rights reserved. # . $STF_SUITE/include/libtest.shlib . $STF_SUITE/tests/functional/cli_root/zfs_create/zfs_create_common.kshlib . $STF_SUITE/tests/functional/cli_root/zfs_create/properties.kshlib . $STF_SUITE/tests/functional/cli_root/zfs_load-key/zfs_load-key_common.kshlib # # DESCRIPTION: # ZFS should create datasets only if they have a valid combination of # encryption properties set. # # penc = parent encrypted # enc = encryption # loc = keylocation provided # fmt = keyformat provided # # penc enc fmt loc valid notes # ------------------------------------------- # no unspec 0 0 yes inherit no encryption (not tested here) # no unspec 0 1 no no crypt specified # no unspec 1 0 no no crypt specified # no unspec 1 1 no no crypt specified # no off 0 0 yes explicit no encryption # no off 0 1 no keylocation given, but crypt off # no off 1 0 no keyformat given, but crypt off # no off 1 1 no keyformat given, but crypt off # no on 0 0 no no keyformat specified for new key # no on 0 1 no no keyformat specified for new key # no on 1 0 yes new encryption root # no on 1 1 yes new encryption root # yes unspec 0 0 yes inherit encryption # yes unspec 0 1 no no keyformat specified # yes unspec 1 0 yes new encryption root, crypt inherited # yes unspec 1 1 yes new encryption root, crypt inherited # yes off 0 0 yes unencrypted child of encrypted parent # yes off 0 1 no keylocation given, but crypt off # yes off 1 0 no keyformat given, but crypt off # yes off 1 1 no keyformat given, but crypt off # yes on 0 0 yes inherited encryption, local crypt # yes on 0 1 no no keyformat specified for new key # yes on 1 0 yes new encryption root # yes on 1 1 yes new encryption root # # STRATEGY: # 1. Attempt to create a dataset using all combinations of encryption # properties # verify_runnable "both" function cleanup { datasetexists $TESTPOOL/$TESTFS1 && \ log_must zfs destroy -r $TESTPOOL/$TESTFS1 datasetexists $TESTPOOL/$TESTFS2 && \ log_must zfs destroy -r $TESTPOOL/$TESTFS2 } log_onexit cleanup log_assert "ZFS should create datasets only if they have a valid" \ "combination of encryption properties set." # Unencrypted parent log_must zfs create $TESTPOOL/$TESTFS1 log_mustnot zfs create -o keyformat=passphrase $TESTPOOL/$TESTFS1/c1 log_mustnot zfs create -o keylocation=prompt $TESTPOOL/$TESTFS1/c1 log_mustnot zfs create -o keyformat=passphrase -o keylocation=prompt \ $TESTPOOL/$TESTFS1/c1 log_must zfs create -o encryption=off $TESTPOOL/$TESTFS1/c1 log_mustnot zfs create -o encryption=off -o keylocation=prompt \ $TESTPOOL/$TESTFS1/c2 log_mustnot zfs create -o encryption=off -o keyformat=passphrase \ $TESTPOOL/$TESTFS1/c2 log_mustnot zfs create -o encryption=off -o keyformat=passphrase \ -o keylocation=prompt $TESTPOOL/$TESTFS1/c2 log_mustnot zfs create -o encryption=on $TESTPOOL/$TESTFS1/c2 log_mustnot zfs create -o encryption=on -o keylocation=prompt \ $TESTPOOL/$TESTFS1/c2 log_must eval "echo $PASSPHRASE | zfs create -o encryption=on" \ "-o keyformat=passphrase $TESTPOOL/$TESTFS1/c3" log_must eval "echo $PASSPHRASE | zfs create -o encryption=on" \ "-o keyformat=passphrase -o keylocation=prompt $TESTPOOL/$TESTFS1/c4" # Encrypted parent log_must eval "echo $PASSPHRASE | zfs create -o encryption=on" \ "-o keyformat=passphrase $TESTPOOL/$TESTFS2" log_must zfs create $TESTPOOL/$TESTFS2/c1 log_mustnot zfs create -o keylocation=prompt $TESTPOOL/$TESTFS2/c2 log_must eval "echo $PASSPHRASE | zfs create -o keyformat=passphrase" \ "$TESTPOOL/$TESTFS2/c3" log_must eval "echo $PASSPHRASE | zfs create -o keyformat=passphrase" \ "-o keylocation=prompt $TESTPOOL/$TESTFS2/c4" log_must zfs create -o encryption=off $TESTPOOL/$TESTFS2/c5 log_must test "$(get_prop 'encryption' $TESTPOOL/$TESTFS2/c5)" == "off" log_mustnot zfs create -o encryption=off -o keylocation=prompt \ $TESTPOOL/$TESTFS2/c5 log_mustnot zfs create -o encryption=off -o keyformat=passphrase \ $TESTPOOL/$TESTFS2/c5 log_mustnot zfs create -o encryption=off -o keyformat=passphrase \ -o keylocation=prompt $TESTPOOL/$TESTFS2/c5 log_must eval "echo $PASSPHRASE | zfs create -o encryption=on" \ "$TESTPOOL/$TESTFS2/c6" log_mustnot zfs create -o encryption=on -o keylocation=prompt \ $TESTPOOL/$TESTFS2/c7 log_must eval "echo $PASSPHRASE | zfs create -o encryption=on" \ "-o keyformat=passphrase $TESTPOOL/$TESTFS2/c7" log_must eval "echo $PASSPHRASE | zfs create -o encryption=on" \ "-o keyformat=passphrase -o keylocation=prompt $TESTPOOL/$TESTFS2/c8" log_pass "ZFS creates datasets only if they have a valid combination of" \ "encryption properties set."