From cf600271d47028aee0c6cf3d55b31f8376ed2981 Mon Sep 17 00:00:00 2001
From: Patrick Donnelly <pdonnell@ibm.com>
Date: Tue, 22 Jul 2025 16:51:32 -0400
Subject: [PATCH] common/options: remove auth_supported

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
---
 PendingReleaseNotes                  |  3 +++
 src/auth/AuthRegistry.cc             | 24 ++++++++++++++----------
 src/common/options/global.yaml.in    | 15 ++++++---------
 src/mon/Monitor.cc                   |  8 ++------
 src/test/mon/test_mon_workloadgen.cc |  2 --
 5 files changed, 25 insertions(+), 27 deletions(-)

diff --git a/PendingReleaseNotes b/PendingReleaseNotes
index 8a4b13f31a1..fa7653e39b2 100644
--- a/PendingReleaseNotes
+++ b/PendingReleaseNotes
@@ -9,6 +9,9 @@
   Admins can no longer enable the older, deprecated landing page layout by
   adjusting FEATURE_TOGGLE_DASHBOARD.
 * CephFS: The `peer_add` command is deprecated in favor of the `peer_bootstrap` command.
+>=21.0.0
+
+* The ``auth_supported`` config has been removed.
 
 >=20.0.0
 
diff --git a/src/auth/AuthRegistry.cc b/src/auth/AuthRegistry.cc
index 50c42bdf71c..729cf1f5858 100644
--- a/src/auth/AuthRegistry.cc
+++ b/src/auth/AuthRegistry.cc
@@ -36,7 +36,6 @@ AuthRegistry::~AuthRegistry()
 std::vector<std::string> AuthRegistry::get_tracked_keys() const noexcept
 {
   return {
-    "auth_supported"s,
     "auth_client_required"s,
     "auth_cluster_required"s,
     "auth_service_required"s,
@@ -113,15 +112,20 @@ void AuthRegistry::_parse_mode_list(const string& s,
 
 void AuthRegistry::_refresh_config()
 {
-  if (cct->_conf->auth_supported.size()) {
-    _parse_method_list(cct->_conf->auth_supported, &cluster_methods);
-    _parse_method_list(cct->_conf->auth_supported, &service_methods);
-    _parse_method_list(cct->_conf->auth_supported, &client_methods);
-  } else {
-    _parse_method_list(cct->_conf->auth_cluster_required, &cluster_methods);
-    _parse_method_list(cct->_conf->auth_service_required, &service_methods);
-    _parse_method_list(cct->_conf->auth_client_required, &client_methods);
-  }
+  auto cluster_required = cct->_conf.get_val<std::string>("auth_cluster_required");
+  auto service_required = cct->_conf.get_val<std::string>("auth_service_required");
+  auto client_required = cct->_conf.get_val<std::string>("auth_client_required");
+
+  ldout(cct,10) << __func__ << ": conf values "
+                << " cluster_required=" << cluster_required
+                << " service_required=" << service_required
+                << " client_required=" << client_required
+                << dendl;
+
+  _parse_method_list(cluster_required, &cluster_methods);
+  _parse_method_list(service_required, &service_methods);
+  _parse_method_list(client_required, &client_methods);
+
   _parse_mode_list(cct->_conf.get_val<string>("ms_mon_cluster_mode"),
 		   &mon_cluster_modes);
   _parse_mode_list(cct->_conf.get_val<string>("ms_mon_service_mode"),
diff --git a/src/common/options/global.yaml.in b/src/common/options/global.yaml.in
index 3306bdfade4..3a1481990f4 100644
--- a/src/common/options/global.yaml.in
+++ b/src/common/options/global.yaml.in
@@ -2152,7 +2152,8 @@ options:
    ``ceph-osd``, ``ceph-mds`` and ``ceph-mgr``) must authenticate with
    each other. Valid settings are ``cephx`` or ``none``.
   default: cephx
-  with_legacy: true
+  flags:
+    - runtime
 - name: auth_exit_on_failure
   type: int
   level: dev
@@ -2169,7 +2170,8 @@ options:
    to authenticate with the cluster in order to access
    Ceph services. Valid settings are ``cephx`` or ``none``.
   default: cephx
-  with_legacy: true
+  flags:
+    - runtime
 # what clients require of daemons
 - name: auth_client_required
   type: str
@@ -2179,13 +2181,8 @@ options:
    authenticate with Ceph clients. Valid settings are ``cephx``
    or ``none``.
   default: cephx, none
-  with_legacy: true
-# deprecated; default value for above if they are not defined.
-- name: auth_supported
-  type: str
-  level: advanced
-  desc: Authentication methods required (deprecated)
-  with_legacy: true
+  flags:
+    - runtime
 - name: max_rotating_auth_attempts
   type: int
   level: advanced
diff --git a/src/mon/Monitor.cc b/src/mon/Monitor.cc
index f9f55e58df4..735a98c9b00 100644
--- a/src/mon/Monitor.cc
+++ b/src/mon/Monitor.cc
@@ -177,12 +177,8 @@ Monitor::Monitor(CephContext* cct_, string nm, MonitorDBStore *s,
   logger(NULL), cluster_logger(NULL), cluster_logger_registered(false),
   monmap(map),
   log_client(cct_, messenger, monmap, LogClient::FLAG_MON),
-  auth_cluster_required(cct,
-			cct->_conf->auth_supported.empty() ?
-			cct->_conf->auth_cluster_required : cct->_conf->auth_supported),
-  auth_service_required(cct,
-			cct->_conf->auth_supported.empty() ?
-			cct->_conf->auth_service_required : cct->_conf->auth_supported),
+  auth_cluster_required(cct, cct->_conf.get_val<std::string>("auth_cluster_required")),
+  auth_service_required(cct, cct->_conf.get_val<std::string>("auth_service_required")),
   mgr_messenger(mgr_m),
   mgr_client(cct_, mgr_m, monmap),
   gss_ktfile_client(cct->_conf.get_val<std::string>("gss_ktab_client_file")),
diff --git a/src/test/mon/test_mon_workloadgen.cc b/src/test/mon/test_mon_workloadgen.cc
index 22e1845b06c..9878e8db638 100644
--- a/src/test/mon/test_mon_workloadgen.cc
+++ b/src/test/mon/test_mon_workloadgen.cc
@@ -356,8 +356,6 @@ class OSDStub : public TestStub
       gen(whoami),
       mon_osd_rng(STUB_MON_OSD_FIRST, STUB_MON_OSD_LAST)
   {
-    dout(20) << __func__ << " auth supported: "
-	     << cct->_conf->auth_supported << dendl;
     stringstream ss;
     ss << "client-osd" << whoami;
     std::string public_msgr_type = cct->_conf->ms_public_type.empty() ? cct->_conf.get_val<std::string>("ms_type") : cct->_conf->ms_public_type;
-- 
2.39.5