From 34ba1a58bb19fcb5202ac6c36d083de85d339099 Mon Sep 17 00:00:00 2001
From: Sage Weil <sage@newdream.net>
Date: Mon, 25 Oct 2021 16:00:42 -0400
Subject: [PATCH] mgr/cephadm: deploy pending_key when possible

Also, leave out the caps.

Signed-off-by: Sage Weil <sage@newdream.net>
Signed-off-by: Radoslaw Zarzynski <rzarzyns@redhat.com>
---
 .../mgr/cephadm/services/cephadmservice.py      | 17 ++++++++++++++++-
 src/pybind/mgr/cephadm/tests/test_services.py   |  5 +++++
 2 files changed, 21 insertions(+), 1 deletion(-)

diff --git a/src/pybind/mgr/cephadm/services/cephadmservice.py b/src/pybind/mgr/cephadm/services/cephadmservice.py
index ff9d9267917..eac46f6c378 100644
--- a/src/pybind/mgr/cephadm/services/cephadmservice.py
+++ b/src/pybind/mgr/cephadm/services/cephadmservice.py
@@ -244,7 +244,22 @@ class CephadmService(metaclass=ABCMeta):
                 'entity': entity,
             })
             if err:
-                self.mgr.log.warning(f"Unable to fetch keyring for {entity}")
+                raise OrchestratorError(f"Unable to fetch keyring for {entity}: {err}")
+
+        # strip down keyring
+        #  - don't include caps (auth get includes them; get-or-create does not)
+        #  - use pending key if present
+        key = None
+        for line in keyring.splitlines():
+            if ' = ' not in line:
+                continue
+            line = line.strip()
+            (ls, rs) = line.split(' = ', 1)
+            if ls == 'key' and not key:
+                key = rs
+            if ls == 'pending key':
+                key = rs
+        keyring = f'[{entity}]\nkey = {key}\n'
         return keyring
 
     def _inventory_get_fqdn(self, hostname: str) -> str:
diff --git a/src/pybind/mgr/cephadm/tests/test_services.py b/src/pybind/mgr/cephadm/tests/test_services.py
index 22e58317af0..1db3e91a24f 100644
--- a/src/pybind/mgr/cephadm/tests/test_services.py
+++ b/src/pybind/mgr/cephadm/tests/test_services.py
@@ -45,6 +45,8 @@ class FakeMgr:
         if prefix == 'set-cmd':
             self.config = cmd_dict.get('value')
             return 0, 'value set', ''
+        if prefix in ['auth get']:
+            return 0, '[foo]\nkeyring = asdf\n', ''
         return -1, '', 'error'
 
     def get_minimal_ceph_conf(self) -> str:
@@ -185,9 +187,12 @@ class TestISCSIService:
         expected_call2 = call({'prefix': 'auth caps',
                                'entity': 'client.iscsi.a',
                                'caps': expected_caps})
+        expected_call3 = call({'prefix': 'auth get',
+                               'entity': 'client.iscsi.a'})
 
         assert expected_call in self.mgr.mon_command.mock_calls
         assert expected_call2 in self.mgr.mon_command.mock_calls
+        assert expected_call3 in self.mgr.mon_command.mock_calls
 
     @patch('cephadm.utils.resolve_ip')
     def test_iscsi_dashboard_config(self, mock_resolve_ip):
-- 
2.39.5