How to create a read-only client for ElasticSearch in python?


Problem description

I want to read data from ES but don't want to accidentally write data to it (no indexing operations). This is just a safety measure so that someone else later modifying the querying functions is not allowed to insert data.

Solution

When you say you want a read-only client, "client" emphasizes that you may have other clients for the same cluster in your system. Then blocking the whole index for read-only will block this for all clients. You must have a job which writes/updates your data in the cluster.

If this is your use case, then think of clients as Elasticsearch users, with each user having a different access policy toward your cluster.

Elasticsearch provides the Shield plugin for implementing client authentication as well as authorization.

You can create multiple ES users with different access policies in configuration files.

bin/shield/esusers useradd es_admin -r admin

Using the role API, create roles and dedicate each user to each role.

POST /_shield/role/my_admin_role
{
  "cluster": ["all"], 
  "indices": [ 
    {
      "names": [ "index1", "index2" ], 
      "privileges": ["read"]         
    }
  ],
  "run_as": [ "other_user" ] 
}

You can also configure an nginx reverse proxy ahead of the ES cluster to manage authorization for users if you want to stay away from Shield.
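
The role body above, checked for anything that goes beyond index reads. This is an added example, not part of the original answer and not Shield's own code. The function name `audit_read_only` and the allowlist containing only `read` (the one index privilege shown on this page) are assumptions.

```python
# Added example: audit a role definition (same JSON shape as the role API
# body above) and list every grant that goes beyond read access to indices.
# Assumption: the allowlist holds only "read", the privilege shown on the page.
import json

READ_ONLY_INDEX_PRIVS = frozenset({"read"})


def audit_read_only(role, allowed_index_privs=READ_ONLY_INDEX_PRIVS):
    """Return a list of findings; an empty list means nothing exceeds read."""
    findings = []
    # Cluster-level privileges cover administration, not document reads.
    for priv in role.get("cluster", []):
        findings.append(f"cluster privilege '{priv}' goes beyond index reads")
    for entry in role.get("indices", []):
        names = entry.get("names", [])
        privs = entry.get("privileges", [])
        if isinstance(privs, str):  # tolerate a single string instead of a list
            privs = [privs]
        for priv in sorted(set(privs) - set(allowed_index_privs)):
            findings.append(f"index privilege '{priv}' on {names} exceeds read-only")
    # run_as lets the user act as another user and inherit that user's rights.
    for user in role.get("run_as", []):
        findings.append(f"run_as '{user}' allows acting with another user's privileges")
    return findings


# Constructed inputs: the role body from the page and a tightened variant.
PAGE_ROLE = json.loads("""{
  "cluster": ["all"],
  "indices": [{"names": ["index1", "index2"], "privileges": ["read"]}],
  "run_as": ["other_user"]
}""")
TIGHT_ROLE = {"indices": [{"names": ["index1", "index2"], "privileges": ["read"]}]}

if __name__ == "__main__":
    for label, role in (("page role", PAGE_ROLE), ("tightened role", TIGHT_ROLE)):
        result = audit_read_only(role)
        print(label, "->", "read-only" if not result else result)
```

Running the check before a role is assigned to the querying client shows whether the account can do more than read, whatever the Python code later attempts.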
