Login/Register
User authentication in Elasticsearch query using python
Asked Answered
pythonpython-2.7elasticsearchelasticsearch-pluginelasticsearch-2.0
E

8

40

I'm using elastisearch using Python. My code looks somewhat like this:-

from elasticsearch import Elasticsearch

if __name__ == '__main__': 
    index="IndexPosition"
    es=Elasticsearch(['https://localhost:8080'])
    res = es.search(index='{0}'.format(index), doc_type="log",size=1000, from_=0, body={ "query": {
    "match": {
      
        ...Match condition
      }
    }
  }})

Now, due to changes in architecture user authentication has been added in the elasticsearch.Let's assume username-user and password-pass.How do I pass the username and password in the query..?

Endermic answered 13/12, 2016 at 11:18 Comment(0)
T
65

You need to pass the username and password to the Elasticsearch object as shown below:

es = Elasticsearch(['http://localhost:8080'], basic_auth=('user', 'pass'))

You could also use http_auth, but that parameter is deprecated, and should be avoided.

Talos answered 7/11, 2017 at 10:6 Comment(2)
How did you figure this out/find the http_auth parameter?Allgood
Please look into this: https://mcmap.net/q/395320/-user-authentication-in-elasticsearch-query-using-python for the latest version.Labrador
M
24

You can pass username, password in url:

ex:

username: elastic

password: changeme

es = Elasticsearch(hosts="http://elastic:changeme@localhost:9200/")

using CURL

curl -X GET "elastic:changeme@localhost:9200/"
Medullated answered 2/12, 2019 at 6:21 Comment(2)
Why does this solution work for me, but not the one above (http_auth=(user,pwd))? Also, saving passwords in clear text is fine for proof-of-concept, but I can't do this for the long term. Suggestions as to how to hide the password?Parson
@Parson A common way of avoiding hardcoding credentials in the code is using environment variables. pypi.org/project/python-dotenv allows you to put credentials in a .env file and load them from there as environment variablesErosive
T
6

In Elasticsearch 8.x, the http_auth parameter is deprecated, use basic_auth or bearer_auth respectively instead.

Elasticsearch >= 8.x basic auth example:

es = Elasticsearch(['https://localhost:8080'], basic_auth=('user', 'pass'))

Elasticseach < 8.x basic auth example:

es = Elasticsearch(['http://localhost:8080'], http_auth=('user', 'pass'))
Trammell answered 22/7, 2022 at 10:24 Comment(0)
S
3

yes, use es = Elasticsearch(hosts="http://username:password@es-endpoint:es-port/")

Test success in es version 7.7.1

Strega answered 4/9, 2020 at 3:36 Comment(1)
hi, am getting an authentication error while trying to see if indices exists? Can you pls provide some sample code. Am using "res = esClient.indices.exists('metadata-store')" after creating esClient object with username/ passwordDelois
X
3

I am running ElasticSearch on Docker. ElasticSearch v8.10 automatically enables additional security (e.g., use of certificates). The certificate can be copied to the local machine by running:

docker cp elasticsearch:/usr/share/elasticsearch/config/certs/http_ca.crt .

or, if not on Docker:

cp /usr/share/elasticsearch/config/certs/http_ca.crt .

See: Verifying HTTPS with CA certificates & Run Elasticsearch in Docker - Start a single-node cluster (7-8)

from elasticsearch import Elasticsearch

# Password for the 'elastic' user generated by Elasticsearch
ELASTIC_PASSWORD = "<elastic_password>"

es = Elasticsearch(
    "https://localhost:9200",
    ca_certs="/path/to/http_ca.crt",
    basic_auth=("elastic", ELASTIC_PASSWORD)
)

# Successful response!
es.info()
Xeres answered 22/9, 2023 at 23:32 Comment(1)
this worked for me elasticsearch in dockerImprecise
J
2
es = Elasticsearch([{'host': 'localhost', 'port': '8080'}], http_auth=('user', 'pass'))
Jeer answered 3/4, 2020 at 9:51 Comment(0)
H
1

you can connect the elasticsearch with below Host url config

es = Elasticsearch(hosts="http://user:pass@localhost:9200/")
Hamamelidaceous answered 20/2, 2020 at 13:26 Comment(0)
L
1

Girish Kumar's answer works if you have a elastic-search running without https locally. But if it is started with security(which is the default behaviour in ElasticSearch >=8.0) then you will have to also pass in more details about the ca certificate. user2514157 has tried to mention this is their answer but it is only for Docker container. For a local instance of ElasticSearch, you also have an option to pass SHA-256 fingerprint which you can copy when the ElasticSearch runs for the first time or else you can follow from here to regenerate it. Once you have the SHA-256 fingerprint you can simply do:

es_obj = Elasticsearch([{'host': 'localhost', 'port' : 9200, 'scheme': 'https'}], ssl_assert_fingerprint=_es_ca_cert, basic_auth=(_es_username, _es_passkey), timeout=10)

print(es_obj.info()) # To verify the connection

Add your instance's fingerprint using ssl_assert_fingerprint option.

Referenced from here

Labrador answered 18/11, 2023 at 1:11 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.