Maxim Levitsky 11d80bfc6d iotests: qemu-img tests for luks key management
This commit adds two tests, which test the new amend interface
of both luks raw images and qcow2 luks encrypted images.

Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
[mreitz: Let 293 verify that LUKS works; drop $(seq) usage from 293;
         drop 293 and 294 from the auto group]
Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-Id: <20200625125548.870061-16-mreitz@redhat.com>
2020-07-06 08:49:28 +02:00

100 lines
3.9 KiB
Plaintext

QA output created by 293
== creating a test image ==
Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=33554432
== test that key 0 opens the image ==
read 4096/4096 bytes at offset 0
4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
== adding a password to slot 4 ==
== adding a password to slot 1 ==
== adding a password to slot 3 ==
== adding a password to slot 2 ==
== erase slot 4 ==
== all secrets should work ==
read 4096/4096 bytes at offset 0
4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
read 4096/4096 bytes at offset 0
4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
read 4096/4096 bytes at offset 0
4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
read 4096/4096 bytes at offset 0
4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
== erase slot 0 and try it ==
qemu-io: can't open: Invalid password, cannot unlock any keyslot
== erase slot 2 and try it ==
qemu-io: can't open: Invalid password, cannot unlock any keyslot
== filling 4 slots with secret 2 ==
== adding secret 0 ==
== adding secret 3 (last slot) ==
== trying to add another slot (should fail) ==
qemu-img: Can't add a keyslot - all keyslots are in use
== all secrets should work again ==
read 4096/4096 bytes at offset 0
4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
read 4096/4096 bytes at offset 0
4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
read 4096/4096 bytes at offset 0
4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
read 4096/4096 bytes at offset 0
4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
== erase all keys of secret 2==
== erase all keys of secret 1==
== erase all keys of secret 0==
== erasing secret3 will fail now since it is the only secret (in 3 slots) ==
qemu-img: All the active keyslots match the (old) password that was given and erasing them will erase all the data in the image irreversibly - refusing operation
== only secret3 should work now ==
qemu-io: can't open: Invalid password, cannot unlock any keyslot
qemu-io: can't open: Invalid password, cannot unlock any keyslot
qemu-io: can't open: Invalid password, cannot unlock any keyslot
read 4096/4096 bytes at offset 0
4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
== add secret0 ==
== erase secret3 ==
== only secret0 should work now ==
read 4096/4096 bytes at offset 0
4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
qemu-io: can't open: Invalid password, cannot unlock any keyslot
qemu-io: can't open: Invalid password, cannot unlock any keyslot
qemu-io: can't open: Invalid password, cannot unlock any keyslot
== replace secret0 with secret1 (should fail) ==
qemu-img: Refusing to overwrite active keyslot 0 - please erase it first
== replace secret0 with secret1 with force (should work) ==
== only secret1 should work now ==
qemu-io: can't open: Invalid password, cannot unlock any keyslot
read 4096/4096 bytes at offset 0
4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
qemu-io: can't open: Invalid password, cannot unlock any keyslot
qemu-io: can't open: Invalid password, cannot unlock any keyslot
== erase last secret (should fail) ==
qemu-img: Attempt to erase the only active keyslot 0 which will erase all the data in the image irreversibly - refusing operation
qemu-img: All the active keyslots match the (old) password that was given and erasing them will erase all the data in the image irreversibly - refusing operation
== erase non existing secrets (should fail) ==
qemu-img: No secret with id 'sec5'
qemu-img: No keyslots match given (old) password for erase operation
== erase last secret with force by slot (should work) ==
== we have no secrets now, data is lost forever ==
qemu-io: can't open: Invalid password, cannot unlock any keyslot
qemu-io: can't open: Invalid password, cannot unlock any keyslot
qemu-io: can't open: Invalid password, cannot unlock any keyslot
qemu-io: can't open: Invalid password, cannot unlock any keyslot
*** done