From: Patrick Donnelly <pdonnell@ibm.com>
Date: Fri, 9 May 2025 18:52:13 +0000 (-0400)
Subject: auth: add API to wipe rotating secrets
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=9ef11271e9dc54096d336dbec4302b297eec70f0;p=ceph-ci.git

auth: add API to wipe rotating secrets

This is for the service daemon's store of rotating service secrets.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
---

diff --git a/src/auth/Auth.h b/src/auth/Auth.h
index 7752d68dcaa..05b26d88bac 100644
--- a/src/auth/Auth.h
+++ b/src/auth/Auth.h
@@ -359,6 +359,9 @@ struct RotatingSecrets {
   bool empty() {
     return secrets.empty();
   }
+  void wipe() {
+    secrets.clear();
+  }
 
   void dump();
   void dump(ceph::Formatter *f) const {
diff --git a/src/auth/RotatingKeyRing.cc b/src/auth/RotatingKeyRing.cc
index 4bc6af6adca..ccc5dbc2d02 100644
--- a/src/auth/RotatingKeyRing.cc
+++ b/src/auth/RotatingKeyRing.cc
@@ -28,6 +28,11 @@ void RotatingKeyRing::set_secrets(RotatingSecrets&& s)
   dump_rotating();
 }
 
+void RotatingKeyRing::wipe()
+{
+  secrets.wipe();
+}
+
 void RotatingKeyRing::dump_rotating() const
 {
   ldout(cct, 10) << "dump_rotating:" << dendl;
diff --git a/src/auth/RotatingKeyRing.h b/src/auth/RotatingKeyRing.h
index 534eb513608..4ae51b3c602 100644
--- a/src/auth/RotatingKeyRing.h
+++ b/src/auth/RotatingKeyRing.h
@@ -44,6 +44,7 @@ public:
   bool need_new_secrets(utime_t now) const;
   void set_secrets(RotatingSecrets&& s);
   void dump_rotating() const;
+  void wipe();
   bool get_secret(const EntityName& name, CryptoKey& secret) const override;
   bool get_service_secret(uint32_t service_id, uint64_t secret_id,
 			  CryptoKey& secret) const override;