crimson/osd/MonClient: Introduce Client::_wipe_secrets_and_tickets())

author Matan Breizman <mbreizma@redhat.com>

Wed, 11 Jun 2025 09:38:59 +0000 (09:38 +0000)

committer Patrick Donnelly <pdonnell@ibm.com>

Mon, 13 Oct 2025 23:59:40 +0000 (19:59 -0400)
author Matan Breizman <mbreizma@redhat.com>
Wed, 11 Jun 2025 09:38:59 +0000 (09:38 +0000)
committer Patrick Donnelly <pdonnell@ibm.com>
Mon, 13 Oct 2025 23:59:40 +0000 (19:59 -0400)
diff --git a/src/crimson/mon/MonClient.cc b/src/crimson/mon/MonClient.cc

index aedbce1163ce99485f2aadd0293a494801b9faf7..55d369d006b0f2f74a54cfd0560486f0e490b195 100644 (file)
--- a/src/crimson/mon/MonClient.cc
+++ b/src/crimson/mon/MonClient.cc
@@ -81,6 +81,7 @@ public:
    bool is_my_peer(const entity_addr_t& addr) const;
    AuthAuthorizer* get_authorizer(entity_type_t peer) const;
    KeyStore& get_keys();
+  void _wipe_secrets_and_tickets();
    seastar::future<> renew_tickets();
    seastar::future<> renew_rotating_keyring();
  
@@ -149,6 +150,12 @@ seastar::future<> Connection::renew_tickets()
    }
  }
  
+void Connection::_wipe_secrets_and_tickets() {
+  logger().info("{}: wiping rotating secrets and invalidating tickets", __func__);
+  rotating_keyring->wipe();
+  auth->invalidate_all_tickets();
+}
+
  seastar::future<> Connection::renew_rotating_keyring()
  {
    auto&& conf = crimson::common::local_conf();
@@ -948,6 +955,16 @@ seastar::future<> Client::authenticate()
    });
  }
  
+seastar::future<> Client::_wipe_secrets_and_tickets()
+{
+  logger().info("{} wiping rotating secrets and invalidating tickets", __func__);
+  if (active_con) {
+    active_con->_wipe_secrets_and_tickets();
+  }
+  return _check_auth_tickets();
+}
+
+
  seastar::future<> Client::stop()
  {
    logger().info("{}", __func__);
diff --git a/src/crimson/mon/MonClient.h b/src/crimson/mon/MonClient.h

index cc17030e0686c46ec7f1742072ed6ba0920f20ed..2f603bdfd1cc55389e59db83d9188f87d0cc19eb 100644 (file)
--- a/src/crimson/mon/MonClient.h
+++ b/src/crimson/mon/MonClient.h
@@ -188,6 +188,8 @@ private:
    seastar::future<> load_keyring();
    seastar::future<> authenticate();
  
+  seastar::future<> _wipe_secrets_and_tickets();
+
    bool is_hunting() const;
    // @param rank, rank of the monitor to be connected, if it is less than 0,
    //              try to connect to all monitors in monmap, until one of them
author	Matan Breizman <mbreizma@redhat.com>
	Wed, 11 Jun 2025 09:38:59 +0000 (09:38 +0000)
committer	Patrick Donnelly <pdonnell@ibm.com>
	Mon, 13 Oct 2025 23:59:40 +0000 (19:59 -0400)
src/crimson/mon/MonClient.cc		patch \| blob \| history
src/crimson/mon/MonClient.h		patch \| blob \| history