Ceph » CephFS

Currently assigning caps for a second FS to an already existing client (which holds caps for a different FS already) using "ceph fs authorize" subcommand is not possible -

$ ./bin/ceph fs ls
name: a, metadata pool: cephfs.a.meta, data pools: [cephfs.a.data ]
name: cephfs2, metadata pool: cephfs2_meta, data pools: [cephfs2_data ]
$ ./bin/ceph fs authorize a client.someuser / rw
[client.someuser]
    key = AQAjeUNfcvezHhAAzFTLqmpzZRqgEV5bRReChw==
$ ./bin/ceph fs authorize cephfs2 client.someuser / rw
Error EINVAL: client.someuser already has fs capabilities that differ from those supplied. To generate a new auth key for client.someuser, first remove client.someuser from configuration files, execute 'ceph auth rm client.someuser', then execute this command again.
$

I think it would be very convenient for CephFS users to be able to assign caps for multiple FSs to already existing clients using this subcommand. Ticket #15070 (PR #32581) already adds the ability for a client to have caps for multiple FSs, we just need to modify behaviour for "fs authorize" subcommand to get this done.

Also, IMO, it would be nice to have the reverse of the behaviour proposed above: removing caps only for a certain FS for a client. We can add a new subcommand "fs deauthorize" the syntax of which would be same as that of "fs authorize".