mgr/nfs: adjust cephfs export caps if necessary

If we are importing an old export, we may find that the cephx user
existed but with the wrong caps.  Adjust caps in that case!

Signed-off-by: Sage Weil <sage@newdream.net>

diff --git a/src/pybind/mgr/nfs/export.py b/src/pybind/mgr/nfs/export.py
index b61392950cfbed146d321b1432bcb885b66293e9..aaf87662a49b39c9e2616ad5a5291931a9bebe07 100644 (file)
--- a/src/pybind/mgr/nfs/export.py
+++ b/src/pybind/mgr/nfs/export.py
@@ -462,14 +462,30 @@ class ExportMgr:
         osd_cap = 'allow rw pool={} namespace={}, allow rw tag cephfs data={}'.format(
             self.rados_pool, cluster_id, fs_name)
         access_type = 'r' if fs_ro else 'rw'
+        nfs_caps = [
+            'mon', 'allow r',
+            'osd', osd_cap,
+            'mds', 'allow {} path={}'.format(access_type, path)
+        ]
 
-        ret, out, err = self.mgr.check_mon_command({
+        ret, out, err = self.mgr.mon_command({
             'prefix': 'auth get-or-create',
             'entity': 'client.{}'.format(entity),
-            'caps': ['mon', 'allow r', 'osd', osd_cap, 'mds', 'allow {} path={}'.format(
-                access_type, path)],
+            'caps': nfs_caps,
             'format': 'json',
         })
+        if ret == -errno.EINVAL and 'does not match' in err:
+            ret, out, err = self.mgr.check_mon_command({
+                'prefix': 'auth caps',
+                'entity': 'client.{}'.format(entity),
+                'caps': nfs_caps,
+                'format': 'json',
+            })
+            ret, out, err = self.mgr.check_mon_command({
+                'prefix': 'auth get',
+                'entity': 'client.{}'.format(entity),
+                'format': 'json',
+            })
 
         json_res = json.loads(out)
         log.info("Export user created is {}".format(json_res[0]['entity']))