From: Patrick Donnelly Date: Mon, 7 Jul 2025 19:11:55 +0000 (-0400) Subject: qa/tasks/ceph: add key pruning task X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=b33550e728fa5efc2d2f949330f7961df3996e9e;p=ceph-ci.git qa/tasks/ceph: add key pruning task To remove keys we don't care about and will raise warnings if left behind. Signed-off-by: Patrick Donnelly --- diff --git a/qa/tasks/ceph.py b/qa/tasks/ceph.py index 9e735dc4ef0..75fea606dfb 100644 --- a/qa/tasks/ceph.py +++ b/qa/tasks/ceph.py @@ -11,6 +11,7 @@ import argparse import configobj import contextlib import errno +import fnmatch import logging import os import json @@ -1632,11 +1633,50 @@ def _wait_for_up_and_clean(ctx, manager): manager.wait_for_clean() @contextlib.contextmanager -def key_rotate(ctx, config): +def key_prune(ctx, config): """ - rotate keys on ceph daemons + prune keys For example:: + tasks: + - ceph.key_prune: [client.bootstrap-.*] + + :param ctx: Context + :param config: Configuration + """ + if config is None: + config = {} + elif isinstance(config, list): + config = {'keys': config} + + testdir = teuthology.get_testdir(ctx) + + cluster_name = config.setdefault('cluster', 'ceph') + manager = ctx.managers[cluster_name] + + for key_glob in config['keys']: + log.info("removing keys matching {}", key_glob) + + p = manager.ceph("auth ls --format=json") + credentials = json.loads(p.stdout.getvalue()) + entities = [c['entity'] for c in credentials['auth_dump']] + + log.debug("entities: {}", entities) + + matches = fnmatch.filter(entities, key_glob) + + for m in matches: + log.info("removing key {}", m) + manager.ceph(f"auth rm {m}") + + yield + +@contextlib.contextmanager +def key_rotate(ctx, config): + """ + rotate keys on ceph daemons + + For example:: tasks: - ceph.key_rotate: [all]