etcd v3用户权限操作

增加root用户

/data/etcd/etcd/etcdctl --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 user add root

创建用户：RootRead,RootWrite,RootReadWrite

/data/etcd/etcd/etcdctl --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 user add RootRead
/data/etcd/etcd/etcdctl --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 user add RootWrite
/data/etcd/etcd/etcdctl --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 user add RootReadWrite

创建角色：KeyRead,KeyWrite,KeyReadWrite

/data/etcd/etcd/etcdctl --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 role add KeyRead
/data/etcd/etcd/etcdctl --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 role add KeyWrite
/data/etcd/etcd/etcdctl --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 role add KeyReadWrite

给角色赋权

/data/etcd/etcd/etcdctl --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 role grant-permission KeyRead read /var
/data/etcd/etcd/etcdctl --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 role grant-permission KeyWrite write /var
/data/etcd/etcd/etcdctl --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 role grant-permission KeyReadWrite readwrite /var

赋于用户权限

/data/etcd/etcd/etcdctl --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 user grant-role RootRead KeyRead
/data/etcd/etcd/etcdctl --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 user grant-role RootWrite KeyWrite
/data/etcd/etcd/etcdctl --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 user grant-role RootReadWrite KeyReadWrite

开启身份验证:

/data/etcd/etcd/etcdctl --user='root' --password='123456' --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 auth enable

查看KeyRead最新的权限信息

/data/etcd/etcd/etcdctl --user='root' --password='123456' --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 role get KeyRead

撤销权限

/data/etcd/etcd/etcdctl  --user='root' --password='123456' --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 user revoke-role RootRead KeyRead
查看用户
/data/etcd/etcd/etcdctl --user='root' --password='123456' --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 user list

收回 KeyReadWrite 角色对 /* 目录的读写操作

/data/etcd/etcd/etcdctl --user='root' --password='123456' --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 role revoke-permission  KeyReadWrite  /*

查看角色访问权限:

/data/etcd/etcd/etcdctl  --user='root' --password='123456'  --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 role get KeyWrite

删除角色 :

/data/etcd/etcd/etcdctl --user='root' --password='123456' --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 role delete  KeyRead

修改用户密码：

/data/etcd/etcd/etcdctl --user='root' --password='123456' --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 user passwd RootWrite

查看角色

/data/etcd/etcd/etcdctl  --user='root' --password='123456' --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 role list

带权限的操作

/data/etcd/etcd/etcdctl  --user='root' --password='123456' --endpoints --username user2:passwod http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006  get foo bar
/data/etcd/etcd/etcdctl --user='root' --password='123456'  --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 put /bar  bar
/data/etcd/etcd/etcdctl --user='root' --password='123456'  --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 get  bar