crimson/monc: unify handling auth_service_ticket_ttl with classical OSD
authorRadoslaw Zarzynski <rzarzyns@redhat.com>
Tue, 26 Jul 2022 09:31:38 +0000 (09:31 +0000)
committerRadoslaw Zarzynski <rzarzyns@redhat.com>
Tue, 26 Jul 2022 12:04:54 +0000 (12:04 +0000)
In the classical `MonClient` the `auth_service_ticket_ttl` is lower
bounded to `30` units.

```cpp
  utime_t now = ceph_clock_now();
  utime_t cutoff = now;
  cutoff -= std::min(30.0, cct->_conf->auth_service_ticket_ttl / 4.0);
  utime_t issued_at_lower_bound = now;
  issued_at_lower_bound -= cct->_conf->auth_service_ticket_ttl;
  if (!rotating_secrets->need_new_secrets(cutoff)) {
    ldout(cct, 10) << "_check_auth_rotating have uptodate secrets (they expire after " << cutoff << ")" << dendl;
    rotating_secrets->dump_rotating();
    return 0;
  }
```

The unification also affects the debug messages.

Signed-off-by: Radoslaw Zarzynski <rzarzyns@redhat.com>
src/crimson/mon/MonClient.cc

index 7f2b821b5861cf65bfec57ddd732ce13258d3f00..aee0c517019043676a0707d4072480a0cb334b64 100644 (file)
@@ -156,9 +156,14 @@ seastar::future<> Connection::renew_rotating_keyring()
   auto now = clock_t::now();
   auto ttl = std::chrono::seconds{
     static_cast<long>(crimson::common::local_conf()->auth_service_ticket_ttl)};
-  auto cutoff = now - ttl / 4;
-  if (!rotating_keyring->need_new_secrets(utime_t(cutoff))) {
+  auto cutoff = utime_t{now - std::min(std::chrono::seconds{30}, ttl / 4)};
+  if (!rotating_keyring->need_new_secrets(cutoff)) {
+    logger().debug("renew_rotating_keyring secrets are up-to-date "
+                   "(they expire after {})", cutoff);
     return seastar::now();
+  } else {
+    logger().info("renew_rotating_keyring renewing rotating keys "
+                  " (they expired before {})", cutoff);
   }
   if (now - last_rotating_renew_sent < std::chrono::seconds{1}) {
     logger().info("renew_rotating_keyring called too often");
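Review bot: The new info message in the `else` branch joins `"renewing rotating keys "` and `" (they expired before {})"`, so the log line carries a double space; dropping the leading space of the second literal fixes it. The `else` is also redundant after `return seastar::now();`, so the `logger().info(...)` call can sit at function level. The literal `std::chrono::seconds{30}` repeats the `30.0` from the classical `MonClient` quoted in the description; a named constant with a short comment such as `// upper bound on the renewal lead time, must match MonClient::_check_auth_rotating` would help keep the two clients' key-rotation timing from drifting apart. `need_new_secrets` is not visible here, so whether "they expired before {cutoff}" is accurate for every reason it can return true should be confirmed, since operators triaging auth failures will read that line. The body of `renew_rotating_keyring` starts before and continues after this hunk.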