1*11326df8STom Caputi#!/bin/ksh -p 2*11326df8STom Caputi# 3*11326df8STom Caputi# CDDL HEADER START 4*11326df8STom Caputi# 5*11326df8STom Caputi# This file and its contents are supplied under the terms of the 6*11326df8STom Caputi# Common Development and Distribution License ("CDDL"), version 1.0. 7*11326df8STom Caputi# You may only use this file in accordance with the terms of version 8*11326df8STom Caputi# 1.0 of the CDDL. 9*11326df8STom Caputi# 10*11326df8STom Caputi# A full copy of the text of the CDDL should have accompanied this 11*11326df8STom Caputi# source. A copy of the CDDL is also available via the Internet at 12*11326df8STom Caputi# http://www.illumos.org/license/CDDL. 13*11326df8STom Caputi# 14*11326df8STom Caputi# CDDL HEADER END 15*11326df8STom Caputi# 16*11326df8STom Caputi 17*11326df8STom Caputi# 18*11326df8STom Caputi# Copyright (c) 2017 Datto, Inc. All rights reserved. 19*11326df8STom Caputi# 20*11326df8STom Caputi 21*11326df8STom Caputi. $STF_SUITE/include/libtest.shlib 22*11326df8STom Caputi. $STF_SUITE/tests/functional/cli_root/zfs_load-key/zfs_load-key_common.kshlib 23*11326df8STom Caputi 24*11326df8STom Caputi# 25*11326df8STom Caputi# DESCRIPTION: 26*11326df8STom Caputi# 'zfs change-key' should correctly update encryption roots with clones. 27*11326df8STom Caputi# 28*11326df8STom Caputi# STRATEGY: 29*11326df8STom Caputi# 1. Create an encrypted dataset 30*11326df8STom Caputi# 2. Create an encryption root child of the first dataset 31*11326df8STom Caputi# 3. Clone the child encryption root twice 32*11326df8STom Caputi# 4. Add inheriting children to the encryption root and each of the clones 33*11326df8STom Caputi# 5. Verify the encryption roots 34*11326df8STom Caputi# 6. Have the child encryption root inherit from its parent 35*11326df8STom Caputi# 7. Verify the encryption root for all datasets is now the parent dataset 36*11326df8STom Caputi# 37*11326df8STom Caputi 38*11326df8STom Caputiverify_runnable "both" 39*11326df8STom Caputi 40*11326df8STom Caputifunction cleanup 41*11326df8STom Caputi{ 42*11326df8STom Caputi datasetexists $TESTPOOL/$TESTFS1 && \ 43*11326df8STom Caputi log_must zfs destroy -Rf $TESTPOOL/$TESTFS1 44*11326df8STom Caputi} 45*11326df8STom Caputi 46*11326df8STom Caputilog_onexit cleanup 47*11326df8STom Caputi 48*11326df8STom Caputilog_assert "'zfs change-key' should correctly update encryption " \ 49*11326df8STom Caputi "roots with clones" 50*11326df8STom Caputi 51*11326df8STom Caputilog_must eval "echo $PASSPHRASE1 | zfs create -o encryption=on" \ 52*11326df8STom Caputi "-o keyformat=passphrase -o keylocation=prompt $TESTPOOL/$TESTFS1" 53*11326df8STom Caputilog_must eval "echo $PASSPHRASE2 | zfs create -o encryption=on" \ 54*11326df8STom Caputi "-o keyformat=passphrase -o keylocation=prompt $TESTPOOL/$TESTFS1/child" 55*11326df8STom Caputilog_must zfs snapshot $TESTPOOL/$TESTFS1/child@1 56*11326df8STom Caputilog_must zfs clone $TESTPOOL/$TESTFS1/child@1 $TESTPOOL/$TESTFS1/clone1 57*11326df8STom Caputilog_must zfs clone $TESTPOOL/$TESTFS1/child@1 $TESTPOOL/$TESTFS1/clone2 58*11326df8STom Caputilog_must zfs create $TESTPOOL/$TESTFS1/child/A 59*11326df8STom Caputilog_must zfs create $TESTPOOL/$TESTFS1/clone1/B 60*11326df8STom Caputilog_must zfs create $TESTPOOL/$TESTFS1/clone2/C 61*11326df8STom Caputi 62*11326df8STom Caputilog_must verify_encryption_root $TESTPOOL/$TESTFS1 $TESTPOOL/$TESTFS1 63*11326df8STom Caputilog_must verify_encryption_root $TESTPOOL/$TESTFS1/child $TESTPOOL/$TESTFS1/child 64*11326df8STom Caputilog_must verify_encryption_root $TESTPOOL/$TESTFS1/clone1 $TESTPOOL/$TESTFS1/child 65*11326df8STom Caputilog_must verify_encryption_root $TESTPOOL/$TESTFS1/clone2 $TESTPOOL/$TESTFS1/child 66*11326df8STom Caputilog_must verify_encryption_root $TESTPOOL/$TESTFS1/child/A $TESTPOOL/$TESTFS1/child 67*11326df8STom Caputilog_must verify_encryption_root $TESTPOOL/$TESTFS1/clone1/B $TESTPOOL/$TESTFS1/child 68*11326df8STom Caputilog_must verify_encryption_root $TESTPOOL/$TESTFS1/clone2/C $TESTPOOL/$TESTFS1/child 69*11326df8STom Caputi 70*11326df8STom Caputilog_must zfs change-key -i $TESTPOOL/$TESTFS1/child 71*11326df8STom Caputi 72*11326df8STom Caputilog_must verify_encryption_root $TESTPOOL/$TESTFS1 $TESTPOOL/$TESTFS1 73*11326df8STom Caputilog_must verify_encryption_root $TESTPOOL/$TESTFS1/child $TESTPOOL/$TESTFS1 74*11326df8STom Caputilog_must verify_encryption_root $TESTPOOL/$TESTFS1/clone1 $TESTPOOL/$TESTFS1 75*11326df8STom Caputilog_must verify_encryption_root $TESTPOOL/$TESTFS1/clone2 $TESTPOOL/$TESTFS1 76*11326df8STom Caputilog_must verify_encryption_root $TESTPOOL/$TESTFS1/child/A $TESTPOOL/$TESTFS1 77*11326df8STom Caputilog_must verify_encryption_root $TESTPOOL/$TESTFS1/clone1/B $TESTPOOL/$TESTFS1 78*11326df8STom Caputilog_must verify_encryption_root $TESTPOOL/$TESTFS1/clone2/C $TESTPOOL/$TESTFS1 79*11326df8STom Caputi 80*11326df8STom Caputilog_pass "'zfs change-key' correctly updates encryption roots with clones" 81