Cassandra--Setting Up User Passwords

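  This post covers setting up usernames and passwords in Cassandra; the version I am using is Cassandra 3.11.1. Besides setting user passwords, it also walks through updating and deleting Cassandra users. Let's take a look: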

Modify the configuration file

  1. By default Cassandra requires no account or password; the default authentication and authorization settings are as follows

    authenticator: AllowAllAuthenticator
    authorizer: AllowAllAuthorizer
  2. Edit the conf/cassandra.yaml configuration file as below, then restart

    authenticator: PasswordAuthenticator
    authorizer: CassandraAuthorizer
  • As shown below
    [Image: Cassandra authorization]
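
A quick check that a node's cassandra.yaml really carries the two settings from step 2, as an added example that is not part of the original post. The function name `audit_cassandra_auth`, the state labels and the sample file are constructed for illustration; a missing key is reported as a finding because the post states that no password is required by default.

```shell
#!/bin/sh
# Added example: audit the authenticator/authorizer keys of a cassandra.yaml.
# Prints "<key> <class> <OPEN|UNSET|OK>" per key; returns 1 on any finding.
audit_cassandra_auth() {
    rc=0
    for key in authenticator authorizer; do
        # The last uncommented top-level "key: value" line wins. Drop inline
        # comments, quotes and a package prefix (org.apache.cassandra.auth.X -> X).
        val=$(awk -v k="$key" -v sq="'" '
            $0 ~ "^" k "[ \t]*:" {
                sub("^" k "[ \t]*:[ \t]*", ""); sub(/[ \t]*#.*$/, "")
                gsub(/[" \t\r]/, ""); gsub(sq, ""); sub(/^.*\./, "")
                v = $0
            }
            END { print v }' "$1")
        case $val in
            "")        state=UNSET; rc=1 ;;   # key absent or only commented out
            AllowAll*) state=OPEN;  rc=1 ;;   # AllowAllAuthenticator / AllowAllAuthorizer
            *)         state=OK ;;
        esac
        printf '%s %s %s\n' "$key" "${val:-none}" "$state"
    done
    return $rc
}

# Constructed sample: authentication is enabled, but the hardened authorizer
# line is still commented out and the permissive one is active.
sample_yaml() {
    cat <<'EOF'
cluster_name: 'XXOCluster'
authenticator: org.apache.cassandra.auth.PasswordAuthenticator  # enabled
# authorizer: CassandraAuthorizer
authorizer: AllowAllAuthorizer
EOF
}

tmp=$(mktemp)
sample_yaml > "$tmp"
audit_cassandra_auth "$tmp" || echo "findings: fix cassandra.yaml and restart the node"
rm -f "$tmp"
```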

View Cassandra permissions

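  • Permission-management data is stored in a keyspace (system_auth). There are four main tables: resource_role_permissons_index, role_permissions, role_members and roles. There are not many of them, so we can take a look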
    cassandra@cqlsh> desc keyspace system_auth

    CREATE KEYSPACE system_auth WITH
    replication = {'class': 'SimpleStrategy', 'replication_factor': '1'} AND durable_writes = true;

    CREATE TABLE system_auth.resource_role_permissons_index (
    resource text,
    role text,
    PRIMARY KEY (resource, role)
    )

    CREATE TABLE system_auth.role_permissions (
    role text,
    resource text,
    permissions set<text>,
    PRIMARY KEY (role, resource)
    )

    CREATE TABLE system_auth.role_members (
    role text,
    member text,
    PRIMARY KEY (role, member)
    )

    CREATE TABLE system_auth.roles (
    role text PRIMARY KEY,
    can_login boolean,
    is_superuser boolean,
    member_of set<text>,
    salted_hash text
    )

Using the default account and password

  • Log in with the default account and password: cqlsh -ucassandra -p cassandra
    cassandra@cqlsh> use system_auth;
    cassandra@cqlsh:system_auth> select * from resource_role_permissons_index;

    resource | role
    ----------+------

    (0 rows)
    cassandra@cqlsh:system_auth> select * from role_permissions;

    role | resource | permissions
    ------+----------+-------------

    (0 rows)
    cassandra@cqlsh:system_auth> select * from role_permissions;

    role | resource | permissions
    ------+----------+-------------

    (0 rows)
    cassandra@cqlsh:system_auth> select * from roles;

    role | can_login | is_superuser | member_of | salted_hash
    -----------+-----------+--------------+-----------+-------------------------------
    cassandra | True | True | null | $2a$10...RhFCCKQwT6wNyucgANW

    (1 rows)

User operations

  1. Create an account, set its password and grant it superuser status; for example, account xiaoxiaomo with password blog
    (SUPERUSER: superuser; NOSUPERUSER: regular user)

    cassandra@cqlsh:system_auth> create user xiaoxiaomo with password 'blog' superuser;
    cassandra@cqlsh:system_auth> select * from resource_role_permissons_index;

    resource | role
    ------------------+-----------
    roles/xiaoxiaomo | cassandra

    (1 rows)
    cassandra@cqlsh:system_auth> select * from role_permissions;

    role | resource | permissions
    -----------+------------------+--------------------------------
    cassandra | roles/xiaoxiaomo | {'ALTER', 'AUTHORIZE', 'DROP'}

    (1 rows)
    cassandra@cqlsh:system_auth> select * from role_permissions;

    role | resource | permissions
    -----------+------------------+--------------------------------
    cassandra | roles/xiaoxiaomo | {'ALTER', 'AUTHORIZE', 'DROP'}

    (1 rows)
    cassandra@cqlsh:system_auth> select * from roles;

    role | can_login | is_superuser | member_of | salted_hash
    ------------+-----------+--------------+-----------+-------------------------------
    xiaoxiaomo | True | True | null | $2a$10$C....sUJwqElvJ9UZe0YXSdu
    cassandra | True | True | null | $2a$10$K....wNyucgANW

    (2 rows)
  2. Delete the default account

    cassandra@cqlsh:system_auth> drop user cassandra;
  3. Modify user information (password or role)
    (below, the cassandra user's password is changed to cassandra1 and the user is changed to a regular user)

    [cassandra@xiaoxiaomo.blog apache-cassandra-3.11.1]$ ./bin/cqlsh -uxiaoxiaomo -pblog
    Connected to XXOCluster at 127.0.0.1:9042.
    [cqlsh 5.0.1 | Cassandra 3.11.1 | CQL spec 3.4.4 | Native protocol v4]
    Use HELP for help.
    xiaoxiaomo@cqlsh> alter user cassandra with password 'cassandra1' nosuperuser;
    xiaoxiaomo@cqlsh> quit;

    [cassandra@xiaoxiaomo.blog apache-cassandra-3.11.1]$ ./bin/cqlsh -ucassandra -pcassandra1;
    Connected to XXOCluster at 127.0.0.1:9042.
    [cqlsh 5.0.1 | Cassandra 3.11.1 | CQL spec 3.4.4 | Native protocol v4]
    Use HELP for help.
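
To confirm the end state that steps 1 to 3 aim for, the output of `select * from roles;` can be checked mechanically. This is an added example, not part of the original post: `audit_roles` and its finding labels are hypothetical names, and the sample tables are constructed with placeholder hashes. It also covers the lock-out case where no role that can log in is a superuser any more.

```shell
#!/bin/sh
# Added example: review the output of `select * from system_auth.roles;`.
# Reads the cqlsh table on stdin, prints findings, returns 1 if any was found.
audit_roles() {
    awk -F'|' '
        function trim(s) { gsub(/^[ \t]+|[ \t\r]+$/, "", s); return s }
        # Header row: record the position of every column by name.
        !ncol && /can_login/ && /is_superuser/ {
            for (i = 1; i <= NF; i++) col[trim($i)] = i
            ncol = NF; next
        }
        # Data rows carry as many fields as the header; rulers and row counts do not.
        ncol && NF == ncol {
            role = trim($(col["role"]))
            su = (trim($(col["is_superuser"])) == "True")
            login = (trim($(col["can_login"])) == "True")
            if (su && login) usable++
            if (role == "cassandra" && su && login) {
                print "DEFAULT_SUPERUSER " role; bad = 1
            }
        }
        END {
            if (!ncol) { print "NO_HEADER"; bad = 1 }
            else if (!usable) { print "NO_LOGIN_SUPERUSER"; bad = 1 }
            exit bad + 0
        }'
}

# Constructed samples in the layout shown above; the hashes are placeholders.
roles_before() {
    cat <<'EOF'
 role       | can_login | is_superuser | member_of | salted_hash
------------+-----------+--------------+-----------+-------------
 xiaoxiaomo | True | True | null | $2a$10$PLACEHOLDER
 cassandra | True | True | null | $2a$10$PLACEHOLDER
EOF
}
roles_after() {   # state after: alter user cassandra ... nosuperuser
    roles_before | sed '/cassandra/s/True | True/True | False/'
}

roles_before | audit_roles || echo "review the roles listed above"
roles_after  | audit_roles && echo "default superuser removed"
```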

Regular users can only view; they cannot create, alter or drop

cassandra@cqlsh> create keyspace test2
... WITH REPLICATION = {'class': 'SimpleStrategy','replication_factor':1};
Unauthorized: Error from server: code=2100 [Unauthorized] message="User cassandra has no CREATE permission on <all keyspaces> or any of its parents"

cassandra@cqlsh> alter keyspace testspace
... with replication={'class': 'SimpleStrategy', 'replication_factor':2};
Unauthorized: Error from server: code=2100 [Unauthorized] message="User cassandra has no ALTER permission on <keyspace testspace> or any of its parents"

cassandra@cqlsh> drop keyspace testspace;
Unauthorized: Error from server: code=2100 [Unauthorized] message="User cassandra has no DROP permission on <keyspace testspace> or any of its parents"
cassandra@cqlsh>
