From: Matan Breizman <mbreizma@redhat.com>
Date: Wed, 11 Jun 2025 09:38:59 +0000 (+0000)
Subject: crimson/osd/MonClient: Introduce Client::_wipe_secrets_and_tickets())
X-Git-Tag: testing/wip-pdonnell-testing-20260126.152838~76
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=9e46927277e4b38d3ddbabf1ee4fbd2ef3c78477;p=ceph-ci.git

crimson/osd/MonClient: Introduce Client::_wipe_secrets_and_tickets())

Similar to MonClient::_wipe_secrets_and_tickets())

Signed-off-by: Matan Breizman <mbreizma@redhat.com>
Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
---

diff --git a/src/crimson/mon/MonClient.cc b/src/crimson/mon/MonClient.cc
index 9123b6bf2d7..3202e3863ef 100644
--- a/src/crimson/mon/MonClient.cc
+++ b/src/crimson/mon/MonClient.cc
@@ -83,6 +83,7 @@ public:
   bool is_my_peer(const entity_addr_t& addr) const;
   AuthAuthorizer* get_authorizer(entity_type_t peer) const;
   KeyStore& get_keys();
+  void _wipe_secrets_and_tickets();
   seastar::future<> renew_tickets();
   seastar::future<> renew_rotating_keyring();
 
@@ -151,6 +152,12 @@ seastar::future<> Connection::renew_tickets()
   }
 }
 
+void Connection::_wipe_secrets_and_tickets() {
+  logger().info("{}: wiping rotating secrets and invalidating tickets", __func__);
+  rotating_keyring->wipe();
+  auth->invalidate_all_tickets();
+}
+
 seastar::future<> Connection::renew_rotating_keyring()
 {
   auto&& conf = crimson::common::local_conf();
@@ -950,6 +957,16 @@ seastar::future<> Client::authenticate()
   });
 }
 
+seastar::future<> Client::_wipe_secrets_and_tickets()
+{
+  logger().info("{} wiping rotating secrets and invalidating tickets", __func__);
+  if (active_con) {
+    active_con->_wipe_secrets_and_tickets();
+  }
+  return _check_auth_tickets();
+}
+
+
 seastar::future<> Client::stop()
 {
   logger().info("{}", __func__);
diff --git a/src/crimson/mon/MonClient.h b/src/crimson/mon/MonClient.h
index d2cfa3432be..8dede4756bc 100644
--- a/src/crimson/mon/MonClient.h
+++ b/src/crimson/mon/MonClient.h
@@ -188,6 +188,8 @@ private:
   seastar::future<> load_keyring();
   seastar::future<> authenticate();
 
+  seastar::future<> _wipe_secrets_and_tickets();
+
   bool is_hunting() const;
   // @param rank, rank of the monitor to be connected, if it is less than 0,
   //              try to connect to all monitors in monmap, until one of them