44

I'm using elastisearch using Python. My code looks somewhat like this:-

from elasticsearch import Elasticsearch

if __name__ == '__main__': 
    index="IndexPosition"
    es=Elasticsearch(['https://localhost:8080'])
    res = es.search(index='{0}'.format(index), doc_type="log",size=1000, from_=0, body={ "query": {
    "match": {
      
        ...Match condition
      }
    }
  }})

Now, due to changes in architecture user authentication has been added in the elasticsearch.Let's assume username-user and password-pass.How do I pass the username and password in the query..?

Improve this question

8 Answers 8

Reset to default
69

You need to pass the username and password to the Elasticsearch object as shown below:

es = Elasticsearch(['http://localhost:8080'], basic_auth=('user', 'pass'))

You could also use http_auth, but that parameter is deprecated, and should be avoided.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

How did you figure this out/find the http_auth parameter?
Please look into this: stackoverflow.com/a/77505322/7116645 for the latest version.
26

You can pass username, password in url:

ex:

username: elastic

password: changeme

es = Elasticsearch(hosts="http://elastic:changeme@localhost:9200/")

using CURL

curl -X GET "elastic:changeme@localhost:9200/"
Improve this answer

2 Comments

Why does this solution work for me, but not the one above (http_auth=(user,pwd))? Also, saving passwords in clear text is fine for proof-of-concept, but I can't do this for the long term. Suggestions as to how to hide the password?
@Guy A common way of avoiding hardcoding credentials in the code is using environment variables. pypi.org/project/python-dotenv allows you to put credentials in a .env file and load them from there as environment variables
6

In Elasticsearch 8.x, the http_auth parameter is deprecated, use basic_auth or bearer_auth respectively instead.

Elasticsearch >= 8.x basic auth example:

es = Elasticsearch(['https://localhost:8080'], basic_auth=('user', 'pass'))

Elasticseach < 8.x basic auth example:

es = Elasticsearch(['http://localhost:8080'], http_auth=('user', 'pass'))
Improve this answer

Comments

3

yes, use es = Elasticsearch(hosts="http://username:password@es-endpoint:es-port/")

Test success in es version 7.7.1

Improve this answer

1 Comment

hi, am getting an authentication error while trying to see if indices exists? Can you pls provide some sample code. Am using "res = esClient.indices.exists('metadata-store')" after creating esClient object with username/ password
3

I am running ElasticSearch on Docker. ElasticSearch v8.10 automatically enables additional security (e.g., use of certificates). The certificate can be copied to the local machine by running:

docker cp elasticsearch:/usr/share/elasticsearch/config/certs/http_ca.crt .

or, if not on Docker:

cp /usr/share/elasticsearch/config/certs/http_ca.crt .

See: Verifying HTTPS with CA certificates & Run Elasticsearch in Docker - Start a single-node cluster (7-8)

from elasticsearch import Elasticsearch

# Password for the 'elastic' user generated by Elasticsearch
ELASTIC_PASSWORD = "<elastic_password>"

es = Elasticsearch(
    "https://localhost:9200",
    ca_certs="/path/to/http_ca.crt",
    basic_auth=("elastic", ELASTIC_PASSWORD)
)

# Successful response!
es.info()
Improve this answer

1 Comment

this worked for me elasticsearch in docker
2 
es = Elasticsearch([{'host': 'localhost', 'port': '8080'}], http_auth=('user', 'pass'))
Improve this answer

Comments

1

you can connect the elasticsearch with below Host url config

es = Elasticsearch(hosts="http://user:pass@localhost:9200/")
Improve this answer

Comments

1

Girish Kumar's answer works if you have a elastic-search running without https locally. But if it is started with security(which is the default behaviour in ElasticSearch >=8.0) then you will have to also pass in more details about the ca certificate. user2514157 has tried to mention this is their answer but it is only for Docker container. For a local instance of ElasticSearch, you also have an option to pass SHA-256 fingerprint which you can copy when the ElasticSearch runs for the first time or else you can follow from here to regenerate it. Once you have the SHA-256 fingerprint you can simply do:

es_obj = Elasticsearch([{'host': 'localhost', 'port' : 9200, 'scheme': 'https'}], ssl_assert_fingerprint=_es_ca_cert, basic_auth=(_es_username, _es_passkey), timeout=10)

print(es_obj.info()) # To verify the connection

Add your instance's fingerprint using ssl_assert_fingerprint option.

Referenced from here

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.