From f7292b43a6c5df6d97b2d11911a0605292f86968 Mon Sep 17 00:00:00 2001 From: Patrick Donnelly Date: Mon, 7 Jul 2025 15:11:55 -0400 Subject: [PATCH] qa/tasks/ceph: add key pruning task To remove keys we don't care about and will raise warnings if left behind. Signed-off-by: Patrick Donnelly (cherry picked from commit 70c0e678072519cd4d5a4e9f2c6d80d94e12de19) --- qa/tasks/ceph.py | 44 ++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 42 insertions(+), 2 deletions(-) diff --git a/qa/tasks/ceph.py b/qa/tasks/ceph.py index 9eb5625ff37..ae681d8febd 100644 --- a/qa/tasks/ceph.py +++ b/qa/tasks/ceph.py @@ -11,6 +11,7 @@ import argparse import configobj import contextlib import errno +import fnmatch import logging import os import json @@ -1633,11 +1634,50 @@ def _wait_for_up_and_clean(ctx, manager): manager.wait_for_clean() @contextlib.contextmanager -def key_rotate(ctx, config): +def key_prune(ctx, config): """ - rotate keys on ceph daemons + prune keys For example:: + tasks: + - ceph.key_prune: [client.bootstrap-.*] + + :param ctx: Context + :param config: Configuration + """ + if config is None: + config = {} + elif isinstance(config, list): + config = {'keys': config} + + testdir = teuthology.get_testdir(ctx) + + cluster_name = config.setdefault('cluster', 'ceph') + manager = ctx.managers[cluster_name] + + for key_glob in config['keys']: + log.info("removing keys matching {}", key_glob) + + p = manager.ceph("auth ls --format=json") + credentials = json.loads(p.stdout.getvalue()) + entities = [c['entity'] for c in credentials['auth_dump']] + + log.debug("entities: {}", entities) + + matches = fnmatch.filter(entities, key_glob) + + for m in matches: + log.info("removing key {}", m) + manager.ceph(f"auth rm {m}") + + yield + +@contextlib.contextmanager +def key_rotate(ctx, config): + """ + rotate keys on ceph daemons + + For example:: tasks: - ceph.key_rotate: [all] -- 2.39.5