crimson/mon/MonClient: call _wipe_secrets_and_tickets when needed

Signed-off-by: Matan Breizman <mbreizma@redhat.com>
Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
(cherry picked from commit 1ebde3b87d83ac9f4895074d0b5fc1d1e44c5bd6)

diff --git a/src/crimson/mon/MonClient.cc b/src/crimson/mon/MonClient.cc
index 0b201420e73e749ed0e5ae2d1b03af720462ae2e..87da62b19e2c5a4b57cae374f89c19645882693f 100644 (file)
--- a/src/crimson/mon/MonClient.cc
+++ b/src/crimson/mon/MonClient.cc
@@ -810,6 +810,8 @@ int Client::handle_auth_bad_method(crimson::net::Connection &conn,
 seastar::future<> Client::handle_monmap(crimson::net::Connection &conn,
                                         Ref<MMonMap> m)
 {
+  const auto old_auth_epoch = monmap.auth_epoch;
+
   monmap.decode(m->monmapbl);
   const auto peer_addr = conn.get_peer_addr();
   auto cur_mon = monmap.get_name(peer_addr);
@@ -825,6 +827,12 @@ seastar::future<> Client::handle_monmap(crimson::net::Connection &conn,
     }
   }
 
+  if (old_auth_epoch < monmap.auth_epoch) {
+    logger().warn("mon.{} auth epoch has changed: "
+                  "invalidating tickets and rotating secrets", cur_mon);
+    co_await _wipe_secrets_and_tickets();
+  }
+
   // TODO: we can probably renew tickets only if the session was reopened
   if (active_con) {
     logger().info("handle_monmap: renewing tickets");