src/mds: allow passing fs names and path in same cap

Allow passing path along with fs names and capspec while creating an MDS
cap. The new syntax looks as follows -

allow rw fsname=<fsname> path=<path>

To provide caps for multiple file systems, pass the same phrase multiple
times separated by commas -

allow rw fsname=<fsname1> path=<path1>, allow rw fsname=<fsname2>
path=<path2>, ...

This commit also makes sure that the old syntax 'allow rw path=<path>'
is supported for backwards compatibility. The old syntax would imply
'allow rw fsname=* path=<path>' and would grant read-write permission for
all FSs containing the path <path>.

Signed-off-by: Rishabh Dave <ridave@redhat.com>

PendingReleaseNotes

@@ -157,3 +157,6 @@
   and operate on specific Ceph file systems. The FS can be specificed using
   ``fsname`` in caps. This also affects subcommand ``fs authorize``, the caps
   produce by it will be specific to the FS name passed in its arguments.
+
+* fs: "fs authorize" now sets MON cap to "allow <perm> fsname=<fsname>"
+      instead of setting it to "allow r" all the time.

src/mds/MDSAuthCaps.cc

@@ -73,6 +73,7 @@ struct MDSCapParser : qi::grammar<Iterator, MDSAuthCaps()>
     match = -(
 	     (uid >> gidlist)[_val = phoenix::construct<MDSCapMatch>(_1, _2)] |
 	     (path >> uid >> gidlist)[_val = phoenix::construct<MDSCapMatch>(_1, _2, _3)] |
+             (fs_name >> path)[_val = phoenix::construct<MDSCapMatch>(_2, _1)] |
              (path)[_val = phoenix::construct<MDSCapMatch>(_1)] |
              (fs_name)[_val = phoenix::construct<MDSCapMatch>(std::string(),
 							      _1)]);

src/mds/mdstypes.h

@@ -77,6 +77,7 @@ extern const mds_gid_t MDS_GID_NONE;
 
 typedef int32_t fs_cluster_id_t;
 constexpr fs_cluster_id_t FS_CLUSTER_ID_NONE = -1;
+
 // The namespace ID of the anonymous default filesystem from legacy systems
 constexpr fs_cluster_id_t FS_CLUSTER_ID_ANONYMOUS = 0;
 

src/mon/AuthMonitor.cc

@@ -1639,21 +1639,24 @@ bool AuthMonitor::prepare_command(MonOpRequestRef op)
 
       mds_cap_string += mds_cap_string.empty() ? "" : ", ";
       mds_cap_string += "allow " + cap;
+
+      if (filesystem != "*" && filesystem != "all") {
+	auto fs = mon->mdsmon()->get_fsmap().get_filesystem(filesystem);
+	if (!fs) {
+	  ss << "filesystem " << filesystem << " does not exist.";
+	  err = -EINVAL;
+	  goto done;
+	} else {
+	  mds_cap_string += " fsname=" + std::string(fs->mds_map.get_fs_name());
+	}
+      }
+
       if (path != "/") {
 	mds_cap_string += " path=" + path;
       }
     }
 
-    if (filesystem != "*" && filesystem != "all") {
+    osd_cap_string += osd_cap_string.empty() ? "" : ", ";
-      auto fs = mon->mdsmon()->get_fsmap().get_filesystem(filesystem);
-      if (!fs) {
-	ss << "filesystem " << filesystem << " does not exist.";
-	err = -EINVAL;
-	goto done;
-      }
-    }
-
-    osd_cap_string += osd_cap_string.empty()? "" : ", ";
     osd_cap_string += "allow " + osd_cap_wanted
       + " tag " + pg_pool_t::APPLICATION_NAME_CEPHFS
       + " data=" + filesystem;