From: Patrick Donnelly
Date: Fri, 9 May 2025 18:52:13 +0000 (-0400)
Subject: auth: add API to wipe rotating secrets
X-Git-Tag: testing/wip-pdonnell-testing-20260210.212535~98
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=e9dab662e12cc80187b4e1fd9ab9b21a4cc2da95;p=ceph-ci.git

auth: add API to wipe rotating secrets

This is for the service daemon's store of rotating service secrets.

Signed-off-by: Patrick Donnelly
---
diff --git a/src/auth/Auth.h b/src/auth/Auth.h
index 1969a25519a..f9d52a1f1dc 100644
--- a/src/auth/Auth.h
+++ b/src/auth/Auth.h
@@ -360,6 +360,9 @@ struct RotatingSecrets {
 bool empty() {
 return secrets.empty();
 }
+ void wipe() {
+ secrets.clear();
+ }
 void dump();
 void dump(ceph::Formatter *f) const {
diff --git a/src/auth/RotatingKeyRing.cc b/src/auth/RotatingKeyRing.cc
index 4bc6af6adca..ccc5dbc2d02 100644
--- a/src/auth/RotatingKeyRing.cc
+++ b/src/auth/RotatingKeyRing.cc
@@ -28,6 +28,11 @@ void RotatingKeyRing::set_secrets(RotatingSecrets&& s)
 dump_rotating();
 }
+void RotatingKeyRing::wipe()
+{
+ secrets.wipe();
+}
+
 void RotatingKeyRing::dump_rotating() const
 {
 ldout(cct, 10) << "dump_rotating:" << dendl;
diff --git a/src/auth/RotatingKeyRing.h b/src/auth/RotatingKeyRing.h
index 5b1ae1e84dd..f7567616a6a 100644
--- a/src/auth/RotatingKeyRing.h
+++ b/src/auth/RotatingKeyRing.h
@@ -45,6 +45,7 @@ public:
 bool need_new_secrets(utime_t now) const;
 void set_secrets(RotatingSecrets&& s);
 void dump_rotating() const;
+ void wipe();
 bool get_secret(const EntityName& name, CryptoKey& secret) const override;
 bool get_service_secret(uint32_t service_id, uint64_t secret_id, CryptoKey& secret) const override;
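Review bot: In src/auth/Auth.h, `RotatingSecrets::wipe()` is named like a secure erase but only calls `secrets.clear()`, so whether the key bytes are actually scrubbed from memory depends on the destructor of the stored key type, which this hunk does not show. I would document the guarantee on the method, for example `/// Drops all rotating keys; zeroing of key material is left to the key type's destructor.`. If that destructor turns out not to zero its buffer, each entry should be scrubbed before the container is cleared. Any other state the struct holds outside this hunk is left untouched by wipe(), which is worth stating in the same comment.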
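Review bot: In src/auth/RotatingKeyRing.cc, the new `RotatingKeyRing::wipe()` modifies `secrets` without taking any lock in the lines shown. If the other accessors of this class serialize on a member mutex (their bodies lie outside the hunk, so this needs confirming), a wipe that runs concurrently with a secret lookup would be a data race on the key store. In that case the method should open with the same guard, e.g. `std::lock_guard l{lock};`, where `lock` stands for whatever the class's mutex is actually called. The tail of set_secrets() visible above calls `dump_rotating()` after changing the store; a matching debug line in wipe() would keep key-lifecycle events traceable in the daemon log.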