etcd v3用户权限操作

liao__ran2024-01-20 15:52
增加root用户
复制代码 
/data/etcd/etcd/etcdctl --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 user add root
创建用户:RootRead,RootWrite,RootReadWrite
复制代码 
/data/etcd/etcd/etcdctl --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 user add RootRead
/data/etcd/etcd/etcdctl --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 user add RootWrite
/data/etcd/etcd/etcdctl --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 user add RootReadWrite
创建角色:KeyRead,KeyWrite,KeyReadWrite
复制代码 
/data/etcd/etcd/etcdctl --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 role add KeyRead
/data/etcd/etcd/etcdctl --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 role add KeyWrite
/data/etcd/etcd/etcdctl --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 role add KeyReadWrite
给角色赋权
复制代码 
/data/etcd/etcd/etcdctl --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 role grant-permission KeyRead read /var
/data/etcd/etcd/etcdctl --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 role grant-permission KeyWrite write /var
/data/etcd/etcd/etcdctl --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 role grant-permission KeyReadWrite readwrite /var
赋于用户权限
复制代码 
/data/etcd/etcd/etcdctl --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 user grant-role RootRead KeyRead
/data/etcd/etcd/etcdctl --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 user grant-role RootWrite KeyWrite
/data/etcd/etcd/etcdctl --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 user grant-role RootReadWrite KeyReadWrite
开启身份验证:
复制代码 
/data/etcd/etcd/etcdctl --user='root' --password='123456' --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 auth enable
查看KeyRead最新的权限信息
复制代码 
/data/etcd/etcd/etcdctl --user='root' --password='123456' --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 role get KeyRead
撤销权限
复制代码 
/data/etcd/etcd/etcdctl  --user='root' --password='123456' --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 user revoke-role RootRead KeyRead
查看用户
/data/etcd/etcd/etcdctl --user='root' --password='123456' --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 user list
收回 KeyReadWrite 角色对 /* 目录的读写操作
复制代码 
/data/etcd/etcd/etcdctl --user='root' --password='123456' --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 role revoke-permission  KeyReadWrite  /*
查看角色访问权限:
复制代码 
/data/etcd/etcd/etcdctl  --user='root' --password='123456'  --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 role get KeyWrite
删除角色 :
复制代码 
/data/etcd/etcd/etcdctl --user='root' --password='123456' --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 role delete  KeyRead
修改用户密码:
复制代码 
/data/etcd/etcd/etcdctl --user='root' --password='123456' --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 user passwd RootWrite
查看角色
复制代码 
/data/etcd/etcd/etcdctl  --user='root' --password='123456' --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 role list
带权限的操作
复制代码 
/data/etcd/etcd/etcdctl  --user='root' --password='123456' --endpoints --username user2:passwod http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006  get foo bar
/data/etcd/etcd/etcdctl --user='root' --password='123456'  --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 put /bar  bar
/data/etcd/etcd/etcdctl --user='root' --password='123456'  --endpoints http://192.168.73.222:9002,http://192.168.73.222:9004,http://192.168.73.222:9006 get  bar
相关推荐
辞旧 lekkk3 小时前
【Qt】信号和槽
linux·开发语言·数据库·qt·学习·mysql·萌新
2301_809204705 小时前
JavaScript中严格模式use-strict对引擎解析的辅助.txt
jvm·数据库·python
zjy277775 小时前
mysql如何选择合适的索引类型_mysql索引设计实战
jvm·数据库·python
笨蛋不要掉眼泪5 小时前
Mysql架构揭秘:update语句的执行流程
数据库·mysql·架构
万邦科技Lafite5 小时前
京东item_get接口实战案例:实时商品价格监控全流程解析
java·开发语言·数据库·python·开放api·淘宝开放平台
秋96 小时前
ruoyi项目更换为mysql9.7.0数据库
数据库
Andya_net6 小时前
MySQL | MySQL 8.0 权限管理实践-精确赋予库、表只读等权限
android·数据库·mysql
筑梦之路7 小时前
harbor数据库报错权限异常如何处理——筑梦之路
数据库·harbor
czlczl200209258 小时前
理解 MySQL 行锁:两阶段锁协议与热点更新优化
数据库·mysql
AllData公司负责人8 小时前
通过Postgresql同步到Doris,全视角演示AllData数据中台核心功能效果,涵盖:数据入湖仓,数据同步,数据处理,数据服务,BI可视化驾驶舱
java·大数据·数据库·数据仓库·人工智能·python·postgresql
热门推荐
01GitHub 镜像站点02Codex 接入 DeepSeek API 完整配置文档03CC-Switch & Claude 基于 Linux 服务器安装使用指南04零基础教你claude code 接入 deepseek V405【AI】2026 年具身智能模型和世界模型总结06Windows端Codex接入第三方模型(DeekSeek,BaiLian)07要裂开了!ChatGPT要手机号验证了?注册Codex要求验证电话号码怎么办?2026年登陆Codex要手机号验证的解决办法08裂开!ChatGPT 居然开始要手机号验证,附详细解决方法09Cursor 接入 DeepSeek‑V4‑Pro 完整指南(2026 实测)10codex app每次打开重连5次Reconnecting问题解决