xref: /illumos-gate/usr/src/test/zfs-tests/tests/functional/cli_root/zpool_create/zpool_create_encrypted.ksh (revision f52943a93040563107b95bccb9db87d9971ef47d) 
1#!/bin/ksh -p
2#
3# CDDL HEADER START
4#
5# This file and its contents are supplied under the terms of the
6# Common Development and Distribution License ("CDDL"), version 1.0.
7# You may only use this file in accordance with the terms of version
8# 1.0 of the CDDL.
9#
10# A full copy of the text of the CDDL should have accompanied this
11# source.  A copy of the CDDL is also available via the Internet at
12# http://www.illumos.org/license/CDDL.
13#
14# CDDL HEADER END
15#
16
17#
18# Copyright (c) 2017, Datto, Inc. All rights reserved.
19#
20
21. $STF_SUITE/include/libtest.shlib
22. $STF_SUITE/tests/functional/cli_root/zfs_load-key/zfs_load-key_common.kshlib
23
24#
25# DESCRIPTION:
26# 'zpool create' should create an encrypted dataset only if it has a valid
27# combination of encryption properties set.
28#
29# enc	= encryption
30# loc	= keylocation provided
31# fmt	= keyformat provided
32#
33# U = unspecified
34# N = off
35# Y = on
36#
37# enc	fmt	loc	valid	notes
38# -------------------------------------------
39# U	0	1	no	no crypt specified
40# U	1	0	no	no crypt specified
41# U	1	1	no	no crypt specified
42# N	0	0	yes	explicit no encryption
43# N	0	1	no	keylocation given, but crypt off
44# N	1	0	no	keyformat given, but crypt off
45# N	1	1	no	keyformat given, but crypt off
46# Y	0	0	no	no keyformat specified for new key
47# Y	0	1	no	no keyformat specified for new key
48# Y	1	0	yes	new encryption root
49# Y	1	1	yes	new encryption root
50#
51# STRATEGY:
52# 1. Attempt to create a dataset using all combinations of encryption
53#    properties
54#
55
56verify_runnable "global"
57
58function cleanup
59{
60	poolexists $TESTPOOL && destroy_pool $TESTPOOL
61}
62log_onexit cleanup
63
64log_assert "'zpool create' should create an encrypted dataset only if it" \
65	"has a valid combination of encryption properties set."
66
67log_mustnot zpool create -O keylocation=prompt $TESTPOOL $DISKS
68log_mustnot zpool create -O keyformat=passphrase $TESTPOOL $DISKS
69log_mustnot zpool create -O keyformat=passphrase -O keylocation=prompt \
70	$TESTPOOL $DISKS
71
72log_must zpool create -O encryption=off $TESTPOOL $DISKS
73log_must zpool destroy $TESTPOOL
74
75log_mustnot zpool create -O encryption=off -O keylocation=prompt \
76	$TESTPOOL $DISKS
77log_mustnot zpool create -O encryption=off -O keyformat=passphrase \
78	$TESTPOOL $DISKS
79log_mustnot zpool create -O encryption=off -O keyformat=passphrase \
80	-O keylocation=prompt $TESTPOOL $DISKS
81
82log_mustnot zpool create -O encryption=on $TESTPOOL $DISKS
83log_mustnot zpool create -O encryption=on -O keylocation=prompt \
84	$TESTPOOL $DISKS
85
86log_must eval "echo $PASSPHRASE | zpool create -O encryption=on" \
87	"-O keyformat=passphrase $TESTPOOL $DISKS"
88log_must zpool destroy $TESTPOOL
89
90log_must eval "echo $PASSPHRASE | zpool create -O encryption=on" \
91	"-O keyformat=passphrase -O keylocation=prompt $TESTPOOL $DISKS"
92log_must zpool destroy $TESTPOOL
93
94log_pass "'zpool create' creates an encrypted dataset only if it has a" \
95	"valid combination of encryption properties set."
96