tzfun
role feature has some bugs
i use etcdctl create a role which can read all keys, can write under /test. and apply to a user.
i use etcdctl to list all keys, the command is:
ETCDCTL_API=3 etcdctl --user=mabin:password get / --prefix
it can work well.
but when i login in with etcd-workbench gui, it shows permission denied. the snapshot is :
Hello, as I currently don’t have a computer nearby and cannot check the specific issue, based on my memory, I suspect it might be caused by the pagination feature. You can try the following steps to temporarily resolve the problem and provide me with an opportunity to verify:
Go to Settings > Keys > turn off Pagination Query.
@yurneroma I reproduced your issue and found that this is reasonable. The read permission you set for the role is not for all keys, but only for keys prefixed with "/". In etcd workbench, if no namespace is set, reading keys means accessing all keys. Therefore, the etcd server will prompt a permission denied error because the role does not have read permissions for all keys. Adding a namespace set to "/" in your configuration will allow normal access.
If you need to set up permissions that support accessing all keys, you should configure it like this:
In etcd workbench, you'll see that the access permissions for all keys and prefix-based access are displayed differently.