Cassandra--用户密码设置
Cassandra 用户名密码设置,我使用的cassandra版本为3.11.1。本篇博客不仅仅演示Cassandra 用户密码的设置,还包括Cassandra 用户的一些更新删除的操作。下面一起来看看:
修改配置文件
默认cassandra是不需要账号密码的,授权信息默认如下配置
1
2authenticator: AllowAllAuthenticator
authorizer: AllowAllAuthorizer修改
conf/cassandra.yaml
配置文件,然后重启1
2authenticator: PasswordAuthenticator
authorizer: CassandraAuthorizer
- 如下
查看Cassandra权限
- 权限管理这块数据保存在
keyspace
里面,主要有四张表resource_role_permissons_index
、role_permissions
、role_permissions
、roles
,表不多我们可以查看一下1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31cassandra@cqlsh> desc keyspace system_auth
CREATE KEYSPACE system_auth WITH
replication = {'class': 'SimpleStrategy', 'replication_factor': '1'} AND durable_writes = true;
CREATE TABLE system_auth.resource_role_permissons_index (
resource text,
role text,
PRIMARY KEY (resource, role)
)
CREATE TABLE system_auth.role_permissions (
role text,
resource text,
permissions set<text>,
PRIMARY KEY (role, resource)
)
CREATE TABLE system_auth.role_members (
role text,
member text,
PRIMARY KEY (role, member)
)
CREATE TABLE system_auth.roles (
role text PRIMARY KEY,
can_login boolean,
is_superuser boolean,
member_of set<text>,
salted_hash text
)
使用默认账号密码
- 使用默认账号密码登录
cqlsh -ucassandra -p cassandra
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26cassandra@cqlsh> use system_auth;
cassandra@cqlsh:system_auth> select * from resource_role_permissons_index;
resource | role
----------+------
(0 rows)
cassandra@cqlsh:system_auth> select * from role_permissions;
role | resource | permissions
------+----------+-------------
(0 rows)
cassandra@cqlsh:system_auth> select * from role_permissions;
role | resource | permissions
------+----------+-------------
(0 rows)
cassandra@cqlsh:system_auth> select * from roles;
role | can_login | is_superuser | member_of | salted_hash
-----------+-----------+--------------+-----------+-------------------------------
cassandra | True | True | null | $2a$10...RhFCCKQwT6wNyucgANW
(1 rows)
用户相关操作
创建账号并设置密码授权为超级用户,例如设置账号为xiaoxiaomo,密码为blog
(SUPERUSER超级用户,NOSUPERUSER普通用户)1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30cassandra@cqlsh:system_auth> create user xiaoxiaomo with password 'blog' superuser;
cassandra@cqlsh:system_auth> select * from resource_role_permissons_index;
resource | role
------------------+-----------
roles/xiaoxiaomo | cassandra
(1 rows)
cassandra@cqlsh:system_auth> select * from role_permissions;
role | resource | permissions
-----------+------------------+--------------------------------
cassandra | roles/xiaoxiaomo | {'ALTER', 'AUTHORIZE', 'DROP'}
(1 rows)
cassandra@cqlsh:system_auth> select * from role_permissions;
role | resource | permissions
-----------+------------------+--------------------------------
cassandra | roles/xiaoxiaomo | {'ALTER', 'AUTHORIZE', 'DROP'}
(1 rows)
cassandra@cqlsh:system_auth> select * from roles;
role | can_login | is_superuser | member_of | salted_hash
------------+-----------+--------------+-----------+-------------------------------
xiaoxiaomo | True | True | null | $2a$10$C....sUJwqElvJ9UZe0YXSdu
cassandra | True | True | null | $2a$10$K....wNyucgANW
(2 rows)删除默认账号
1
cassandra@cqlsh:system_auth> drop user cassandra;
修改用户信息(密码或者身份)
(下面修改cassandra用户密码为cassandra1,身份修改为普通用户)1
2
3
4
5
6
7
8
9
10
11[cassandra@xiaoxiaomo.blog apache-cassandra-3.11.1]$ ./bin/cqlsh -uxiaoxiaomo -pblog
Connected to XXOCluster at 127.0.0.1:9042.
[cqlsh 5.0.1 | Cassandra 3.11.1 | CQL spec 3.4.4 | Native protocol v4]
Use HELP for help.
xiaoxiaomo@cqlsh> alter user cassandra with password 'cassandra1' nosuperuser;
xiaoxiaomo@cqlsh> quit;
[cassandra@xiaoxiaomo.blog apache-cassandra-3.11.1]$ ./bin/cqlsh -ucassandra -pcassandra1;
Connected to XXOCluster at 127.0.0.1:9042.
[cqlsh 5.0.1 | Cassandra 3.11.1 | CQL spec 3.4.4 | Native protocol v4]
Use HELP for help.
普通用户智能查看,不能创建修改删除
1
2
3
4
5
6
7
8
9
10
11 cassandra@cqlsh> create keyspace test2
... WITH REPLICATION = {'class': 'SimpleStrategy','replication_factor':1};
Unauthorized: Error from server: code=2100 [Unauthorized] message="User cassandra has no CREATE permission on <all keyspaces> or any of its parents"
cassandra@cqlsh> alter keyspace testspace
... with replication={'class': 'SimpleStrategy', 'replication_factor':2};
Unauthorized: Error from server: code=2100 [Unauthorized] message="User cassandra has no ALTER permission on <keyspace testspace> or any of its parents"
cassandra@cqlsh> drop keyspace testspace;
Unauthorized: Error from server: code=2100 [Unauthorized] message="User cassandra has no DROP permission on <keyspace testspace> or any of its parents"
cassandra@cqlsh>