Problem description
I want to read data from ES but don't want to accidentally write data to it (no indexing operations). This is just a safety measure so that someone else later modifying the querying functions is not allowed to insert data.
Solution

When you say you want a read-only client, "client" emphasizes that you may have other clients for the same cluster in your system. Then blocking the whole index for read-only will block this for all clients. You must have a job which writes/updates your data in the cluster.
If this is your use case, then think of clients as Elasticsearch users, with each user having a different access policy toward your cluster.
Elasticsearch provides the Shield plugin for implementing client authentication as well as authorization.
You can create multiple ES users with different access policies in configuration files.
bin/shield/esusers useradd es_admin -r admin
Using the role API, create roles and dedicate each user to each role.
POST /_shield/role/my_admin_role
{
  "cluster": ["all"],
  "indices": [
    {
      "names": ["index1", "index2"],
      "privileges": ["read"]
    }
  ],
  "run_as": ["other_user"]
}
You can also configure an nginx reverse proxy ahead of the ES cluster to manage authorization for users if you want to stay away from Shield.
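The reverse-proxy option comes down to a method-and-path allowlist, because Elasticsearch accepts searches as POST and blocking POST outright would also block reads. The check below is an added example, not part of the original answer: the function name `is_read_only_request` is hypothetical, the index names are taken from the role above, and the endpoint set is an assumed minimal allowlist.

```python
from urllib.parse import urlsplit, unquote

# Assumptions for this example: index names come from the role shown above;
# the endpoint set is a deliberately small allowlist. The multi-request APIs
# (_msearch, _mget) are left out because their request bodies can name
# indices that a path-only check never sees.
ALLOWED_INDICES = {"index1", "index2"}
READ_ENDPOINTS = {"_search", "_count"}


def is_read_only_request(method: str, url: str) -> bool:
    """Return True only for /<allowed-index-list>/<read-endpoint> requests."""
    # Search-style reads are accepted as GET or POST; every other verb is refused.
    if method.upper() not in {"GET", "POST"}:
        return False

    # Decode each segment once so %2C or %2A cannot hide a comma or wildcard.
    parts = [unquote(p) for p in urlsplit(url).path.split("/") if p]

    # Exactly two segments. Shorter paths (/_search, /_bulk) address the whole
    # cluster; longer paths are refused rather than guessed at.
    if len(parts) != 2:
        return False

    # The first segment may be a comma-separated index list. Every entry must
    # be named explicitly, so wildcards and _all fail closed.
    indices = parts[0].split(",")
    if not all(name in ALLOWED_INDICES for name in indices):
        return False

    return parts[1] in READ_ENDPOINTS


if __name__ == "__main__":
    # Constructed sample requests, not taken from a real log.
    for m, u in [("POST", "/index1/_search"), ("POST", "/index1/_doc"),
                 ("POST", "/_bulk"), ("GET", "/index*/_search")]:
        print(m, u, "->", "allow" if is_read_only_request(m, u) else "deny")
```

A client-side or proxy-side check like this guards against accidental writes; the server-side role remains what actually enforces the policy for any caller that reaches the cluster directly.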