crimson/mon/MonClient: call _wipe_secrets_and_tickets when needed

Signed-off-by: Matan Breizman <mbreizma@redhat.com>
Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>

diff --git a/src/crimson/mon/MonClient.cc b/src/crimson/mon/MonClient.cc
index 08d2a7fa1ab62a08ed3995de346c0b8b1ef43e65..2ab04b0d86217b3615010b8a4d7e9d9e8d0b1580 100644 (file)
--- a/src/crimson/mon/MonClient.cc
+++ b/src/crimson/mon/MonClient.cc
@@ -812,6 +812,8 @@ int Client::handle_auth_bad_method(crimson::net::Connection &conn,
 seastar::future<> Client::handle_monmap(crimson::net::Connection &conn,
                                         Ref<MMonMap> m)
 {
+  const auto old_auth_epoch = monmap.auth_epoch;
+
   monmap.decode(m->monmapbl);
   const auto peer_addr = conn.get_peer_addr();
   auto cur_mon = monmap.get_name(peer_addr);
@@ -827,6 +829,12 @@ seastar::future<> Client::handle_monmap(crimson::net::Connection &conn,
     }
   }
 
+  if (old_auth_epoch < monmap.auth_epoch) {
+    logger().warn("mon.{} auth epoch has changed: "
+                  "invalidating tickets and rotating secrets", cur_mon);
+    co_await _wipe_secrets_and_tickets();
+  }
+
   // TODO: we can probably renew tickets only if the session was reopened
   if (active_con) {
     logger().info("handle_monmap: renewing tickets");