1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
|
package s3api
import (
"bytes"
"testing"
"github.com/seaweedfs/seaweedfs/weed/pb/filer_pb"
"github.com/seaweedfs/seaweedfs/weed/util"
)
// TestCreateDestinationChunkPreservesEncryption tests that createDestinationChunk preserves CipherKey and IsCompressed
func TestCreateDestinationChunkPreservesEncryption(t *testing.T) {
s3a := &S3ApiServer{}
testCases := []struct {
name string
sourceChunk *filer_pb.FileChunk
expectedOffset int64
expectedSize uint64
shouldPreserveCK bool
shouldPreserveIC bool
}{
{
name: "Encrypted and compressed chunk",
sourceChunk: &filer_pb.FileChunk{
Offset: 0,
Size: 1024,
CipherKey: []byte("test-cipher-key-1234567890123456"),
IsCompressed: true,
ETag: "test-etag",
},
expectedOffset: 0,
expectedSize: 1024,
shouldPreserveCK: true,
shouldPreserveIC: true,
},
{
name: "Only encrypted chunk",
sourceChunk: &filer_pb.FileChunk{
Offset: 1024,
Size: 2048,
CipherKey: []byte("test-cipher-key-1234567890123456"),
IsCompressed: false,
ETag: "test-etag-2",
},
expectedOffset: 1024,
expectedSize: 2048,
shouldPreserveCK: true,
shouldPreserveIC: false,
},
{
name: "Only compressed chunk",
sourceChunk: &filer_pb.FileChunk{
Offset: 2048,
Size: 512,
CipherKey: nil,
IsCompressed: true,
ETag: "test-etag-3",
},
expectedOffset: 2048,
expectedSize: 512,
shouldPreserveCK: false,
shouldPreserveIC: true,
},
{
name: "Unencrypted and uncompressed chunk",
sourceChunk: &filer_pb.FileChunk{
Offset: 4096,
Size: 1024,
CipherKey: nil,
IsCompressed: false,
ETag: "test-etag-4",
},
expectedOffset: 4096,
expectedSize: 1024,
shouldPreserveCK: false,
shouldPreserveIC: false,
},
}
for _, tc := range testCases {
t.Run(tc.name, func(t *testing.T) {
dstChunk := s3a.createDestinationChunk(tc.sourceChunk, tc.expectedOffset, tc.expectedSize)
// Verify offset and size
if dstChunk.Offset != tc.expectedOffset {
t.Errorf("Expected offset %d, got %d", tc.expectedOffset, dstChunk.Offset)
}
if dstChunk.Size != tc.expectedSize {
t.Errorf("Expected size %d, got %d", tc.expectedSize, dstChunk.Size)
}
// Verify CipherKey preservation
if tc.shouldPreserveCK {
if !bytes.Equal(dstChunk.CipherKey, tc.sourceChunk.CipherKey) {
t.Errorf("CipherKey not preserved: expected %v, got %v", tc.sourceChunk.CipherKey, dstChunk.CipherKey)
}
} else {
if len(dstChunk.CipherKey) > 0 {
t.Errorf("Expected no CipherKey, got %v", dstChunk.CipherKey)
}
}
// Verify IsCompressed preservation
if dstChunk.IsCompressed != tc.shouldPreserveIC {
t.Errorf("IsCompressed not preserved: expected %v, got %v", tc.shouldPreserveIC, dstChunk.IsCompressed)
}
// Verify ETag preservation
if dstChunk.ETag != tc.sourceChunk.ETag {
t.Errorf("ETag not preserved: expected %s, got %s", tc.sourceChunk.ETag, dstChunk.ETag)
}
})
}
}
// TestEncryptedVolumeCopyScenario documents the expected behavior for encrypted volumes (issue #7530)
func TestEncryptedVolumeCopyScenario(t *testing.T) {
t.Run("Scenario: Copy file on encrypted volume with multiple chunks", func(t *testing.T) {
// Scenario description for issue #7530:
// 1. Volume is started with -filer.encryptVolumeData
// 2. File is uploaded via S3 (automatically encrypted, multiple chunks)
// 3. File is copied/renamed via S3 CopyObject
// 4. Copied file should be readable
//
// The bug was that IsCompressed flag was not preserved during copy,
// causing the upload logic to potentially double-compress the data,
// making the copied file unreadable.
sourceChunks := []*filer_pb.FileChunk{
{
FileId: "1,abc123",
Offset: 0,
Size: 4194304,
CipherKey: util.GenCipherKey(), // Simulates encrypted volume
IsCompressed: true, // Simulates compression
ETag: "etag1",
},
{
FileId: "2,def456",
Offset: 4194304,
Size: 4194304,
CipherKey: util.GenCipherKey(),
IsCompressed: true,
ETag: "etag2",
},
}
s3a := &S3ApiServer{}
// Verify that createDestinationChunk preserves all necessary metadata
for i, srcChunk := range sourceChunks {
dstChunk := s3a.createDestinationChunk(srcChunk, srcChunk.Offset, srcChunk.Size)
// Critical checks for issue #7530
if !dstChunk.IsCompressed {
t.Errorf("Chunk %d: IsCompressed flag MUST be preserved to prevent double-compression", i)
}
if !bytes.Equal(dstChunk.CipherKey, srcChunk.CipherKey) {
t.Errorf("Chunk %d: CipherKey MUST be preserved for encrypted volumes", i)
}
if dstChunk.Offset != srcChunk.Offset {
t.Errorf("Chunk %d: Offset must be preserved", i)
}
if dstChunk.Size != srcChunk.Size {
t.Errorf("Chunk %d: Size must be preserved", i)
}
if dstChunk.ETag != srcChunk.ETag {
t.Errorf("Chunk %d: ETag must be preserved", i)
}
}
t.Log("✓ All chunk metadata properly preserved for encrypted volume copy scenario")
})
}
|
