mon/AuthMonitor: make fs authorize assign FS specific MON cap

So far running "fs authorize" subcommand sets "allow r" as MON cap;
change that to "allow <perms> fsname=<fsname>".

Signed-off-by: Rishabh Dave <ridave@redhat.com>

diff --git a/src/mon/AuthMonitor.cc b/src/mon/AuthMonitor.cc
index f299724fe22354e93dea9aa05090ccaaf5eab816..550a4b74367a4ba46ca08a27fcba30f78891d8d5 100644 (file)
--- a/src/mon/AuthMonitor.cc
+++ b/src/mon/AuthMonitor.cc
@@ -1600,9 +1600,22 @@ bool AuthMonitor::prepare_command(MonOpRequestRef op)
   } else if (prefix == "fs authorize") {
     string filesystem;
     cmd_getval(cmdmap, "filesystem", filesystem);
+    string mon_cap_string = "allow r";
     string mds_cap_string, osd_cap_string;
     string osd_cap_wanted = "r";
 
+    std::shared_ptr<const Filesystem> fs;
+    if (filesystem != "*" && filesystem != "all") {
+      fs = mon->mdsmon()->get_fsmap().get_filesystem(filesystem);
+      if (fs == nullptr) {
+       ss << "filesystem " << filesystem << " does not exist.";
+       err = -EINVAL;
+       goto done;
+      } else {
+       mon_cap_string += " fsname=" + std::string(fs->mds_map.get_fs_name());
+      }
+    }
+
     for (auto it = caps_vec.begin();
         it != caps_vec.end() && (it + 1) != caps_vec.end();
         it += 2) {
@@ -1640,15 +1653,8 @@ bool AuthMonitor::prepare_command(MonOpRequestRef op)
       mds_cap_string += mds_cap_string.empty() ? "" : ", ";
       mds_cap_string += "allow " + cap;
 
-      if (filesystem != "*" && filesystem != "all") {
-       auto fs = mon->mdsmon()->get_fsmap().get_filesystem(filesystem);
-       if (!fs) {
-         ss << "filesystem " << filesystem << " does not exist.";
-         err = -EINVAL;
-         goto done;
-       } else {
-         mds_cap_string += " fsname=" + std::string(fs->mds_map.get_fs_name());
-       }
+      if (filesystem != "*" && filesystem != "all" && fs != nullptr) {
+       mds_cap_string += " fsname=" + std::string(fs->mds_map.get_fs_name());
       }
 
       if (path != "/") {
@@ -1662,12 +1668,13 @@ bool AuthMonitor::prepare_command(MonOpRequestRef op)
       + " data=" + filesystem;
 
     std::map<string, bufferlist> wanted_caps = {
-      { "mon", _encode_cap("allow r") },
+      { "mon", _encode_cap(mon_cap_string) },
       { "osd", _encode_cap(osd_cap_string) },
       { "mds", _encode_cap(mds_cap_string) }
     };
 
-    if (!valid_caps("osd", osd_cap_string, &ss) ||
+    if (!valid_caps("mon", mon_cap_string, &ss) ||
+        !valid_caps("osd", osd_cap_string, &ss) ||
        !valid_caps("mds", mds_cap_string, &ss)) {
       err = -EINVAL;
       goto done;