ETCD 权限配置
直接使用
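# One-off setup, authenticating as root: create test_role with read/write
# access limited to the /test prefix, create testuser, and bind the user to
# the role. Each step only runs if the previous one succeeded.
# "地址" is a placeholder for the real endpoint list; 123456 and
# test_password_123456 are sample credentials and must be replaced.
# No -t/-i on docker exec: the commands are non-interactive, and requesting a
# TTY makes the chain fail when it is run without one (cron, CI).
# NOTE(review): credentials written as --user=name:password or name:password
# end up in shell history and in the process list while the command runs.
docker exec etcd1 etcdctl --endpoints=地址 --user=root:123456 role add test_role && \
docker exec etcd1 etcdctl --endpoints=地址 --user=root:123456 role grant-permission test_role readwrite /test --prefix=true && \
docker exec etcd1 etcdctl --endpoints=地址 --user=root:123456 user add testuser:test_password_123456 && \
docker exec etcd1 etcdctl --endpoints=地址 --user=root:123456 user grant-role testuser test_role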
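#!/bin/bash
# etcd user and permission setup script.
# Purpose: create the root user, an application user and a read/write role on
# the etcd cluster reached through the "etcd1" container, then enable
# authentication and check that it is enforced.
#
# Configuration is taken from the environment so that secrets do not have to
# be written into this file:
#   ETCD_ENDPOINTS  endpoint list passed to etcdctl --endpoints
#   ROOT_PASSWORD   password for the etcd root user
#   APP_USER        name of the application user to create
#   APP_PASSWORD    password for the application user
set -euo pipefail

# Configuration parameters. Abort early when one is missing, so the script
# never creates a user with an empty name or an empty password.
ETCD_ENDPOINTS="${ETCD_ENDPOINTS:-}"
ROOT_PASSWORD="${ROOT_PASSWORD:-}"
APP_USER="${APP_USER:-}"
APP_PASSWORD="${APP_PASSWORD:-}"
: "${ETCD_ENDPOINTS:?必须设置 ETCD_ENDPOINTS}"
: "${ROOT_PASSWORD:?必须设置 ROOT_PASSWORD}"
: "${APP_USER:?必须设置 APP_USER}"
: "${APP_PASSWORD:?必须设置 APP_PASSWORD}"

# Colored output
readonly RED='\033[0;31m'
readonly GREEN='\033[0;32m'
readonly YELLOW='\033[1;33m'
readonly NC='\033[0m'

# Run etcdctl inside the etcd1 container against the configured endpoints.
# Arguments are forwarded quoted, so values containing spaces or glob
# characters reach etcdctl unchanged.
# NOTE(review): passwords are still passed as command-line arguments and are
# visible in the process list while each command runs; feeding them on stdin
# (etcdctl user add --interactive=false) would avoid that. Confirm against the
# etcdctl version in use.
etcd() {
  docker exec etcd1 etcdctl --endpoints="${ETCD_ENDPOINTS}" "$@"
}

# Print a step heading in yellow.
step() {
  echo -e "${YELLOW}$1${NC}"
}

# Print a success line in green.
ok() {
  echo -e "${GREEN}✓ $1${NC}"
}

echo -e "${GREEN}========================================${NC}"
echo -e "${GREEN}etcd 用户权限配置脚本${NC}"
echo -e "${GREEN}========================================${NC}"

# Wait for the cluster to become ready
step "[1/8] 等待 etcd 集群就绪..."
sleep 5

# Check cluster status (a failure here stops the script)
step "[2/8] 检查集群状态..."
etcd endpoint status --write-out=table
ok "集群运行正常"

# Create the root user.
# The fallback message is printed for ANY failure, not only "already exists".
step "[3/8] 创建 root 用户..."
etcd user add "root:${ROOT_PASSWORD}" || echo "root 用户可能已存在"
ok "root 用户已配置"

# Create the application user
step "[4/8] 创建应用用户 (${APP_USER})..."
etcd user add "${APP_USER}:${APP_PASSWORD}" || echo "${APP_USER} 用户可能已存在"
ok "${APP_USER} 用户已创建"

# Create the role
step "[5/8] 创建角色..."
etcd role add readwrite || echo "readwrite 角色可能已存在"
ok "readwrite 角色已创建"

# Grant permissions (read/write on every key).
# Grant once: a second grant with a different type on the same key range
# would replace this one rather than add to it, leaving the role read-only
# and breaking the put check further down.
# NOTE(review): an empty prefix gives the application user the whole keyspace;
# scoping the grant to the application's own prefix limits what a leaked
# application credential can read or overwrite.
step "[6/8] 授予权限..."
etcd role grant-permission readwrite readwrite '' --prefix=true
ok "权限已授予"

# Bind the user to the role
step "[7/8] 绑定用户到角色..."
etcd user grant-role "${APP_USER}" readwrite
ok "用户角色绑定完成"

# Enable authentication
step "[8/8] 启用认证..."
etcd auth enable || echo "认证可能已启用"
# The fallback above hides every failure, so confirm that the cluster really
# rejects a request without credentials before reporting success.
if etcd get /test/auth >/dev/null 2>&1; then
  echo -e "${RED}✗ 未认证的请求仍然成功,认证未生效${NC}" >&2
  exit 1
fi
ok "认证已启用"

# Test authentication with both accounts
step "[测试] 测试认证..."
echo -e "使用 root 用户测试:"
etcd --user="root:${ROOT_PASSWORD}" put /test/auth "authentication works"
etcd --user="root:${ROOT_PASSWORD}" get /test/auth
echo -e ""
echo -e "使用 ${APP_USER} 用户测试:"
etcd --user="${APP_USER}:${APP_PASSWORD}" put "/test/${APP_USER}" "app user works"
etcd --user="${APP_USER}:${APP_PASSWORD}" get "/test/${APP_USER}"
echo -e ""

# Summary. Passwords are deliberately not printed: terminal scrollback and CI
# logs are readable by more people than the secret store they came from.
echo -e "${GREEN}========================================${NC}"
echo -e "${GREEN}用户权限配置完成!${NC}"
echo -e "${GREEN}========================================${NC}"
echo -e "Root 用户: root"
echo -e "Root 密码: (未显示,取自 ROOT_PASSWORD)"
echo -e ""
echo -e "应用用户: ${APP_USER}"
echo -e "应用密码: (未显示,取自 APP_PASSWORD)"
echo -e ""
echo -e "${YELLOW}重要提示:${NC}"
echo -e "1. 请妥善保管这些密码"
echo -e "2. 建议修改密码: etcdctl user passwd <username>"
echo -e "3. 连接字符串: ${ETCD_ENDPOINTS}"
echo -e ""
echo -e "使用示例:"
# With only the user name given, etcdctl asks for the password interactively.
echo -e " etcdctl --endpoints=${ETCD_ENDPOINTS} --user=${APP_USER} get / --prefix"
echo -e "${GREEN}========================================${NC}"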
