auth: add API to wipe rotating secrets

This is for the service daemon's store of rotating service secrets.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>

diff --git a/src/auth/Auth.h b/src/auth/Auth.h
index 1969a25519a0467baca51d4a24e665a262810322..f9d52a1f1dc15a2c1b8814e6bf691574a47f1876 100644 (file)
--- a/src/auth/Auth.h
+++ b/src/auth/Auth.h
@@ -360,6 +360,9 @@ struct RotatingSecrets {
   bool empty() {
     return secrets.empty();
   }
+  void wipe() {
+    secrets.clear();
+  }
 
   void dump();
   void dump(ceph::Formatter *f) const {

diff --git a/src/auth/RotatingKeyRing.cc b/src/auth/RotatingKeyRing.cc
index 4bc6af6adcad369032098e51f3110e33cf4566df..ccc5dbc2d0214663a5e9adbec7f4137cd93dd534 100644 (file)
--- a/src/auth/RotatingKeyRing.cc
+++ b/src/auth/RotatingKeyRing.cc
@@ -28,6 +28,11 @@ void RotatingKeyRing::set_secrets(RotatingSecrets&& s)
   dump_rotating();
 }
 
+void RotatingKeyRing::wipe()
+{
+  secrets.wipe();
+}
+
 void RotatingKeyRing::dump_rotating() const
 {
   ldout(cct, 10) << "dump_rotating:" << dendl;

diff --git a/src/auth/RotatingKeyRing.h b/src/auth/RotatingKeyRing.h
index 5b1ae1e84dd0c4f164e318641382a96d4775cf04..f7567616a6a3d8f706e0e823f031d6459e68f941 100644 (file)
--- a/src/auth/RotatingKeyRing.h
+++ b/src/auth/RotatingKeyRing.h
@@ -45,6 +45,7 @@ public:
   bool need_new_secrets(utime_t now) const;
   void set_secrets(RotatingSecrets&& s);
   void dump_rotating() const;
+  void wipe();
   bool get_secret(const EntityName& name, CryptoKey& secret) const override;
   bool get_service_secret(uint32_t service_id, uint64_t secret_id,
                          CryptoKey& secret) const override;