etcd v3用户权限操作

liao__ran2024-01-20 15:52
增加root用户
复制代码 
/data/etcd/etcd/etcdctl --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 user add root
创建用户:RootRead,RootWrite,RootReadWrite
复制代码 
/data/etcd/etcd/etcdctl --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 user add RootRead
/data/etcd/etcd/etcdctl --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 user add RootWrite
/data/etcd/etcd/etcdctl --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 user add RootReadWrite
创建角色:KeyRead,KeyWrite,KeyReadWrite
复制代码 
/data/etcd/etcd/etcdctl --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 role add KeyRead
/data/etcd/etcd/etcdctl --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 role add KeyWrite
/data/etcd/etcd/etcdctl --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 role add KeyReadWrite
给角色赋权
复制代码 
/data/etcd/etcd/etcdctl --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 role grant-permission KeyRead read /var
/data/etcd/etcd/etcdctl --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 role grant-permission KeyWrite write /var
/data/etcd/etcd/etcdctl --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 role grant-permission KeyReadWrite readwrite /var
赋于用户权限
复制代码 
/data/etcd/etcd/etcdctl --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 user grant-role RootRead KeyRead
/data/etcd/etcd/etcdctl --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 user grant-role RootWrite KeyWrite
/data/etcd/etcd/etcdctl --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 user grant-role RootReadWrite KeyReadWrite
开启身份验证:
复制代码 
/data/etcd/etcd/etcdctl --user='root' --password='123456' --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 auth enable
查看KeyRead最新的权限信息
复制代码 
/data/etcd/etcd/etcdctl --user='root' --password='123456' --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 role get KeyRead
撤销权限
复制代码 
/data/etcd/etcd/etcdctl  --user='root' --password='123456' --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 user revoke-role RootRead KeyRead
查看用户
/data/etcd/etcd/etcdctl --user='root' --password='123456' --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 user list
收回 KeyReadWrite 角色对 /* 目录的读写操作
复制代码 
/data/etcd/etcd/etcdctl --user='root' --password='123456' --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 role revoke-permission  KeyReadWrite  /*
查看角色访问权限:
复制代码 
/data/etcd/etcd/etcdctl  --user='root' --password='123456'  --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 role get KeyWrite
删除角色 :
复制代码 
/data/etcd/etcd/etcdctl --user='root' --password='123456' --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 role delete  KeyRead
修改用户密码:
复制代码 
/data/etcd/etcd/etcdctl --user='root' --password='123456' --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 user passwd RootWrite
查看角色
复制代码 
/data/etcd/etcd/etcdctl  --user='root' --password='123456' --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 role list
带权限的操作
复制代码 
/data/etcd/etcd/etcdctl  --user='root' --password='123456' --endpoints --username user2:passwod http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006  get foo bar
/data/etcd/etcd/etcdctl --user='root' --password='123456'  --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 put /bar  bar
/data/etcd/etcd/etcdctl --user='root' --password='123456'  --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 get  bar
相关推荐
倔强的石头_2 天前
《Kingbase护城河》——数据库存储空间全景探测与精细化瘦身实战
数据库
冬奇Lab3 天前
每日一个开源项目(第134篇):Zvec - 阿里开源的嵌入式向量数据库,向量搜索界的 SQLite
数据库·人工智能·llm
ClouGence3 天前
Oracle CDC 架构优化:从主库直连到 DataGuard 备库同步
数据库·后端·oracle
无响应de神3 天前
三、用户与权限管理
数据库·mysql
麦聪聊数据4 天前
数据服务化时代:企业数据能力输出的核心路径
数据库
shushangyun_4 天前
2026年快消品B2B系统推荐:支持终端门店订货、促销政策自动化的工具?
java·运维·网络·数据库·人工智能·spring·自动化
DARLING Zero two♡4 天前
【MySQL数据库】数据类型与表约束
数据库·mysql
曹牧4 天前
Oracle EXPLAIN PLAN
数据库·oracle
BD_Marathon4 天前
SQL学习指南——视图
数据库·sql
活宝小娜4 天前
mysql详细安装教程
数据库·mysql·adb
热门推荐
012026年6月AI行业全景:从百模大战到Agent元年,这30天发生了什么?022026年6月AI大模型全景报告:GPT-5.6、Claude Opus 4.8、Gemini 3.5,中美AI三足鼎立谁主沉浮?032026 年 AI 编程工具终极横评:Cursor vs Claude Code vs Copilot vs Windsurf04【AI】2026 年具身智能模型和世界模型总结05GitHub 镜像站点06AI科技热点日报 | 2026年6月1日07AI一周事件 · 2026-06-03 至 2026-06-0908Claude Code、Codex、Cursor三分天下:2026年AI编程Agent生态全景剖析09上线仅72小时被强制下架:Claude Fable 5 的短命102026 AI 编程工具终极实战指南:Cursor vs Claude Code vs Copilot,开发者该怎么选?