pybind/volumes/nfs: set mds caps according to user specified access type

Signed-off-by: Varsha Rao <varao@redhat.com>

diff --git a/src/pybind/mgr/volumes/fs/nfs.py b/src/pybind/mgr/volumes/fs/nfs.py
index 699e4852316fd76578a070c2ce58242c3fa1fd44..b9a16c974fd37f40a9795d6ab37de0226a0b41f0 100644 (file)
--- a/src/pybind/mgr/volumes/fs/nfs.py
+++ b/src/pybind/mgr/volumes/fs/nfs.py
@@ -463,14 +463,16 @@ class FSExport(object):
         except KeyError:
             pass
 
-    def _create_user_key(self, entity, path, fs_name):
+    def _create_user_key(self, entity, path, fs_name, fs_ro):
         osd_cap = 'allow rw pool={} namespace={}, allow rw tag cephfs data={}'.format(
                 self.rados_pool, self.rados_namespace, fs_name)
+        access_type = 'r' if fs_ro else 'rw'
 
         ret, out, err = self.mgr.check_mon_command({
             'prefix': 'auth get-or-create',
             'entity': 'client.{}'.format(entity),
-            'caps': ['mon', 'allow r', 'osd', osd_cap, 'mds', 'allow rw path={}'.format(path)],
+            'caps': ['mon', 'allow r', 'osd', osd_cap, 'mds', 'allow {} path={}'.format(
+                access_type, path)],
             'format': 'json',
             })
 
@@ -563,7 +565,7 @@ class FSExport(object):
             if not self._fetch_export(pseudo_path):
                 ex_id = self._gen_export_id()
                 user_id = f"{cluster_id}{ex_id}"
-                user_out, key = self._create_user_key(user_id, path, fs_name)
+                user_out, key = self._create_user_key(user_id, path, fs_name, read_only)
                 access_type = "RW"
                 if read_only:
                     access_type = "RO"