ETCD 权限配置

直接使用

docker exec -it etcd1 etcdctl --endpoints=地址 --user=root:123456 role add test_role && \

docker exec etcd1 etcdctl --endpoints=地址 --user=root:123456 role grant-permission test_role readwrite /test --prefix=true && \

docker exec etcd1 etcdctl --endpoints=地址 --user=root:123456 user add testuser:test_password_123456 && \

docker exec etcd1 etcdctl --endpoints=地址9 --user=root:123456 user grant-role testuser test_role

#!/bin/bash

etcd 用户权限配置脚本

用途：配置 etcd 访问用户和权限

set -e

配置参数

ETCD_ENDPOINTS=""

ROOT_PASSWORD=""

APP_USER=""

APP_PASSWORD=""

颜色输出

RED='\033[0;31m'

GREEN='\033[0;32m'

YELLOW='\033[1;33m'

NC='\033[0m'

echo -e "{GREEN}========================================{NC}"

echo -e "{GREEN}etcd 用户权限配置脚本{NC}"

echo -e "{GREEN}========================================{NC}"

等待集群就绪

echo -e "{YELLOW}\[1/8\] 等待 etcd 集群就绪...{NC}"

sleep 5

检查集群状态

echo -e "{YELLOW}\[2/8\] 检查集群状态...{NC}"

docker exec etcd1 etcdctl --endpoints=${ETCD_ENDPOINTS} endpoint status --write-out=table

echo -e "{GREEN}✓ 集群运行正常{NC}"

创建 root 用户

echo -e "{YELLOW}\[3/8\] 创建 root 用户...{NC}"

docker exec etcd1 etcdctl --endpoints={ETCD_ENDPOINTS} user add root:{ROOT_PASSWORD} || echo "root 用户可能已存在"

echo -e "{GREEN}✓ root 用户已配置{NC}"

创建应用用户

echo -e "{YELLOW}\[4/8\] 创建应用用户 ({APP_USER})...${NC}"

docker exec etcd1 etcdctl --endpoints={ETCD_ENDPOINTS} user add {APP_USER}:{APP_PASSWORD} \|\| echo "{APP_USER} 用户可能已存在"

echo -e "{GREEN}✓ {APP_USER} 用户已创建${NC}"

创建角色

echo -e "{YELLOW}\[5/8\] 创建角色...{NC}"

docker exec etcd1 etcdctl --endpoints=${ETCD_ENDPOINTS} role add readwrite || echo "readwrite 角色可能已存在"

echo -e "{GREEN}✓ readwrite 角色已创建{NC}"

授予权限（读写所有 key）

echo -e "{YELLOW}\[6/8\] 授予权限...{NC}"

docker exec etcd1 etcdctl --endpoints=${ETCD_ENDPOINTS} role grant-permission readwrite readwrite '' --prefix=true

docker exec etcd1 etcdctl --endpoints=${ETCD_ENDPOINTS} role grant-permission readwrite read '' --prefix=true

echo -e "{GREEN}✓ 权限已授予{NC}"

将用户绑定到角色

echo -e "{YELLOW}\[7/8\] 绑定用户到角色...{NC}"

docker exec etcd1 etcdctl --endpoints={ETCD_ENDPOINTS} user grant-role {APP_USER} readwrite

echo -e "{GREEN}✓ 用户角色绑定完成{NC}"

启用认证

echo -e "{YELLOW}\[8/8\] 启用认证...{NC}"

docker exec etcd1 etcdctl --endpoints=${ETCD_ENDPOINTS} auth enable || echo "认证可能已启用"

echo -e "{GREEN}✓ 认证已启用{NC}"

测试认证

echo -e "{YELLOW}\[测试\] 测试认证...{NC}"

echo -e "使用 root 用户测试:"

docker exec etcd1 etcdctl --endpoints={ETCD_ENDPOINTS} --user=root:{ROOT_PASSWORD} put /test/auth "authentication works"

docker exec etcd1 etcdctl --endpoints={ETCD_ENDPOINTS} --user=root:{ROOT_PASSWORD} get /test/auth

echo -e ""

echo -e "使用 ${APP_USER} 用户测试:"

docker exec etcd1 etcdctl --endpoints={ETCD_ENDPOINTS} --user={APP_USER}:{APP_PASSWORD} put /test/{APP_USER} "app user works"

docker exec etcd1 etcdctl --endpoints={ETCD_ENDPOINTS} --user={APP_USER}:{APP_PASSWORD} get /test/{APP_USER}

echo -e ""

echo -e "{GREEN}========================================{NC}"

echo -e "{GREEN}用户权限配置完成！{NC}"

echo -e "{GREEN}========================================{NC}"

echo -e "Root 用户: root"

echo -e "Root 密码: ${ROOT_PASSWORD}"

echo -e ""

echo -e "应用用户: ${APP_USER}"

echo -e "应用密码: ${APP_PASSWORD}"

echo -e ""

echo -e "{YELLOW}重要提示:{NC}"

echo -e "1. 请妥善保管这些密码"

echo -e "2. 建议修改密码: etcdctl user passwd <username>"

echo -e "3. 连接字符串: ${ETCD_ENDPOINTS}"

echo -e ""

echo -e "使用示例:"

echo -e " etcdctl --endpoints={ETCD_ENDPOINTS} --user={APP_USER}:${APP_PASSWORD} get / --prefix"

echo -e "{GREEN}========================================{NC}"