From: Matan Breizman <mbreizma@redhat.com>
Date: Thu, 12 Jun 2025 09:23:37 +0000 (+0000)
Subject: crimson/mon/MonClient: call _wipe_secrets_and_tickets when needed
X-Git-Tag: testing/wip-pdonnell-testing-20260126.152838~72
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=2c3a1aa32f98acd1d261feb896c41d628dcf6bbd;p=ceph-ci.git

crimson/mon/MonClient: call _wipe_secrets_and_tickets when needed

Signed-off-by: Matan Breizman <mbreizma@redhat.com>
Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
---

diff --git a/src/crimson/mon/MonClient.cc b/src/crimson/mon/MonClient.cc
index 08d2a7fa1ab..2ab04b0d862 100644
--- a/src/crimson/mon/MonClient.cc
+++ b/src/crimson/mon/MonClient.cc
@@ -812,6 +812,8 @@ int Client::handle_auth_bad_method(crimson::net::Connection &conn,
 seastar::future<> Client::handle_monmap(crimson::net::Connection &conn,
                                         Ref<MMonMap> m)
 {
+  const auto old_auth_epoch = monmap.auth_epoch;
+
   monmap.decode(m->monmapbl);
   const auto peer_addr = conn.get_peer_addr();
   auto cur_mon = monmap.get_name(peer_addr);
@@ -827,6 +829,12 @@ seastar::future<> Client::handle_monmap(crimson::net::Connection &conn,
     }
   }
 
+  if (old_auth_epoch < monmap.auth_epoch) {
+    logger().warn("mon.{} auth epoch has changed: "
+                  "invalidating tickets and rotating secrets", cur_mon);
+    co_await _wipe_secrets_and_tickets();
+  }
+
   // TODO: we can probably renew tickets only if the session was reopened
   if (active_con) {
     logger().info("handle_monmap: renewing tickets");