etcd v3用户权限操作

本文介绍: etcd用户权限操作

增加root用户

/data/etcd/etcd/etcdctl --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 user add root

创建用户：RootRead,RootWrite,RootReadWrite

/data/etcd/etcd/etcdctl --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 user add RootRead
/data/etcd/etcd/etcdctl --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 user add RootWrite
/data/etcd/etcd/etcdctl --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 user add RootReadWrite

创建角色：KeyRead,KeyWrite,KeyReadWrite

/data/etcd/etcd/etcdctl --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 role add KeyRead
/data/etcd/etcd/etcdctl --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 role add KeyWrite
/data/etcd/etcd/etcdctl --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 role add KeyReadWrite

给角色赋权

/data/etcd/etcd/etcdctl --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 role grant-permission KeyRead read /var
/data/etcd/etcd/etcdctl --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 role grant-permission KeyWrite write /var
/data/etcd/etcd/etcdctl --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 role grant-permission KeyReadWrite readwrite /var

赋于用户权限

/data/etcd/etcd/etcdctl --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 user grant-role RootRead KeyRead
/data/etcd/etcd/etcdctl --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 user grant-role RootWrite KeyWrite
/data/etcd/etcd/etcdctl --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 user grant-role RootReadWrite KeyReadWrite

开启身份验证:

/data/etcd/etcd/etcdctl --user='root' --password='123456' --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 auth enable

查看KeyRead最新的权限信息

/data/etcd/etcd/etcdctl --user='root' --password='123456' --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 role get KeyRead

撤销权限

/data/etcd/etcd/etcdctl  --user='root' --password='123456' --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 user revoke-role RootRead KeyRead
查看用户
/data/etcd/etcd/etcdctl --user='root' --password='123456' --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 user list

收回 KeyReadWrite 角色对 /* 目录的读写操作

/data/etcd/etcd/etcdctl --user='root' --password='123456' --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 role revoke-permission  KeyReadWrite  /*

查看角色访问权限:

/data/etcd/etcd/etcdctl  --user='root' --password='123456'  --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 role get KeyWrite

删除角色 :

/data/etcd/etcd/etcdctl --user='root' --password='123456' --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 role delete  KeyRead

修改用户密码：

/data/etcd/etcd/etcdctl --user='root' --password='123456' --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 user passwd RootWrite

查看角色

/data/etcd/etcd/etcdctl  --user='root' --password='123456' --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 role list

带权限的操作

/data/etcd/etcd/etcdctl  --user='root' --password='123456' --endpoints --username user2:passwod http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006  get foo bar
/data/etcd/etcd/etcdctl --user='root' --password='123456'  --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 put /bar  bar
/data/etcd/etcd/etcdctl --user='root' --password='123456'  --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 get  bar

原文地址:https://blog.csdn.net/liao__ran/article/details/135616109

本文来自互联网用户投稿，该文观点仅代表作者本人，不代表本站立场。本站仅提供信息存储空间服务，不拥有所有权，不承担相关法律责任。

如若转载，请注明出处：http://www.7code.cn/show_59000.html

如若内容造成侵权/违法违规/事实不符，请联系代码007邮箱：suwngjj01@126.com进行投诉反馈，一经查实，立即删除！

声明：本站所有文章，如无特殊说明或标注，均为本站原创发布。任何个人或组织，在未征得本站同意时，禁止复制、盗用、采集、发布本站内容到任何网站、书籍等各类媒体平台。如若本站内容侵犯了原著者的合法权益，可联系我们进行处理。