From 4d77f1dcc67dc550d347ef9d38b95a17332a7da5 Mon Sep 17 00:00:00 2001
From: Matan Breizman
Date: Wed, 11 Jun 2025 09:38:59 +0000
Subject: [PATCH] crimson/osd/MonClient: Introduce Client::_wipe_secrets_and_tickets())
Similar to MonClient::_wipe_secrets_and_tickets())
Signed-off-by: Matan Breizman
Signed-off-by: Patrick Donnelly
(cherry picked from commit 74d1ea4ed05a601c35bfb4af3d6ab14eb866427a)
---
src/crimson/mon/MonClient.cc | 17 +++++++++++++++++
src/crimson/mon/MonClient.h | 2 ++
2 files changed, 19 insertions(+)
diff --git a/src/crimson/mon/MonClient.cc b/src/crimson/mon/MonClient.cc
index a98815383de..5ff6501ba9f 100644
--- a/src/crimson/mon/MonClient.cc
+++ b/src/crimson/mon/MonClient.cc
@@ -83,6 +83,7 @@ public: bool is_my_peer(const entity_addr_t& addr) const; AuthAuthorizer* get_authorizer(entity_type_t peer) const; KeyStore& get_keys(); + void _wipe_secrets_and_tickets(); seastar::future<> renew_tickets(); seastar::future<> renew_rotating_keyring();
@@ -151,6 +152,12 @@ seastar::future<> Connection::renew_tickets() } } +void Connection::_wipe_secrets_and_tickets() { + logger().info("{}: wiping rotating secrets and invalidating tickets", __func__); + rotating_keyring->wipe(); + auth->invalidate_all_tickets(); +} + seastar::future<> Connection::renew_rotating_keyring() { auto&& conf = crimson::common::local_conf();
@@ -942,6 +949,16 @@ seastar::future<> Client::authenticate() }); } +seastar::future<> Client::_wipe_secrets_and_tickets() +{ + logger().info("{} wiping rotating secrets and invalidating tickets", __func__); + if (active_con) { + active_con->_wipe_secrets_and_tickets(); + } + return _check_auth_tickets(); +} + + seastar::future<> Client::stop() { logger().info("{}", __func__);
diff --git a/src/crimson/mon/MonClient.h b/src/crimson/mon/MonClient.h
index 102bb182942..51f4d1f765c 100644
--- a/src/crimson/mon/MonClient.h
+++ b/src/crimson/mon/MonClient.h
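Review bot: In src/crimson/mon/MonClient.cc, the new `Connection::_wipe_secrets_and_tickets()` dereferences `rotating_keyring` and `auth` with no null check. Whether both are always set by the time a connection can be reached through `active_con` is not visible in this hunk; if `auth` is only created during the auth handshake, a wipe requested earlier would presumably fault instead of dropping the key material. Either guard the two calls, `if (rotating_keyring) rotating_keyring->wipe();` and `if (auth) auth->invalidate_all_tickets();`, or add a comment above the function stating the invariant that makes the checks unnecessary.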
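Review bot: In src/crimson/mon/MonClient.cc, `Client::_wipe_secrets_and_tickets()` logs "wiping rotating secrets and invalidating tickets" before the `if (active_con)` test, so with no active connection the log records a wipe that did not happen. When there is one, the Connection method logs the same message a second time. For an operation that revokes cached key material the log should distinguish the two cases: move the info line inside the branch and add `else { logger().info("{}: no active connection, nothing to wipe", __func__); }`. `_check_auth_tickets()` is returned in both cases, and how it behaves without a connection is outside this hunk.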
@@ -187,6 +187,8 @@ private: seastar::future<> load_keyring(); seastar::future<> authenticate(); + seastar::future<> _wipe_secrets_and_tickets(); + bool is_hunting() const; // @param rank, rank of the monitor to be connected, if it is less than 0, // try to connect to all monitors in monmap, until one of them
--
2.39.5
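Review bot: The new private declaration `_wipe_secrets_and_tickets()` in src/crimson/mon/MonClient.h has no comment, and its name does not say that it also returns the future from `_check_auth_tickets()`. A short comment above it would give the contract, for example `// Wipe rotating secrets and invalidate all tickets on the active connection (if any), then re-check auth tickets.` The patch adds no caller, so the comment should also state which event is expected to trigger the wipe. The surrounding class body starts and ends outside this hunk.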