Menu
I want to read data from ES but don't want to accidentally write data to it(no indexing operations). This is just a safety measure so that someone else later modifying the querying functions are not allowed to insert data.
652
asked May 11 '26 04:05
when you say you want read-only client. Client emphasize you may have other clients for the same cluster in your system. Then blocking the whole index for read-only will block this for all clients. You must have a job which writes/update your data in cluster.
If this is your usecase then, think of clients as elasticsearch users with each user having different access-policy toward your cluster.
Elastic search provides shield plugin for implementing clients authentication as well as authorization.
You can create multiple ES - users with different access policy in configuration files.
bin/shield/esusers useradd es_admin -r admin
Using role api create roles and dedicate each user to each role.
POST /_shield/role/my_admin_role
{
"cluster": ["all"],
"indices": [
{
"names": [ "index1", "index2" ],
"privileges": ["read"]
}
],
"run_as": [ "other_user" ]
}
you can also configure nginx reverse proxy ahead of es cluster to manager authorization for users if you want to stay away from shield.
168
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
