[英]Ruby On Rails: ElasticSearch authentication (Tire and ElasticSearch-rails)
I have a Ruby On Rails app deployed on Heroku, Im using the ElasticSearch add-on, my elastic search clusters were working normally but recently ElasticSearch add-on required all clusters to enforce authentication to protect the data that is inside of the hosted cluster, now on every request we try to make we receive the following exception:我在 Heroku 上部署了一个 Ruby On Rails 应用程序,我使用 ElasticSearch 附加组件,我的弹性搜索集群正常工作,但最近 ElasticSearch 附加组件要求所有集群强制执行身份验证以保护托管集群内部的数据,现在,在我们尝试提出的每个请求中,我们都会收到以下异常:
Tire::Search::SearchRequestFailed (401 : {"error":{"root_cause":[{"type":"security_exception","reason":"action [indices:data/read/search] requires authentication","header":{"WWW-Authenticate":"Basic realm=\\"shield\\" charset=\\"UTF-8\\""}}],"type":"security_exception","reason":"action [indices:data/read/search] requires authentication","header":{"WWW-Authenticate":"Basic realm=\\"shield\\" charset=\\"UTF-8\\""}},"status":401}):
We configured some users from the Shield plugin that comes with Elasticsearch, however Im not sure how can I enter this authentication from my ruby On Rails application, Im using Tire to integrate elastic search in my Ruby On Rails app, but I can't find were can I put this information in order to authenticate my app and solve this issue.我们从 Elasticsearch 附带的Shield插件配置了一些用户,但是我不确定如何从我的 ruby On Rails 应用程序输入此身份验证,我使用 Tyre 将弹性搜索集成到我的 Ruby On Rails 应用程序中,但我找不到我是否可以将这些信息用于验证我的应用程序并解决此问题。
We would like to know how to authenticate using these two gems: ElasticSearch-rails and Tire我们想知道如何使用这两个 gem 进行身份验证: ElasticSearch-rails和Tyre
I recommend the use of elasticsearch-rails instead of tire (abbandoned). 我建议使用elasticsearch-rails而不是轮胎(废弃)。
With elasticsearch-rails: 使用elasticsearch-rails:
gemfile 宝石文件
gem 'elasticsearch'
gem 'elasticsearch-model'
gem 'elasticsearch-rails'
Do the models searchable 模型可以搜索吗
Apply the feature extraction pattern (searchable concern) to your models. 将特征提取模式 (可搜索关注点)应用于模型。
Configure your elastic search client 配置您的弹性搜索客户端
for all models in an initializer ( config/initializers/elastic_search_client.rb
or whatever) with auth using common URL format 适用于使用通用URL格式通过auth进行config/initializers/elastic_search_client.rb
的初始化器( config/initializers/elastic_search_client.rb
或其他任何模型)中的所有模型
Elasticsearch::Client.new url: 'https://username:password@api.server.org:4430/search
' Elasticsearch::Client.new url: 'https://username:password@api.server.org:4430/search
'
or with auth using a hash 或使用哈希使用auth
Elasticsearch::Client.new hosts: [
{ host: 'my-protected-host',
port: '443',
user: 'USERNAME',
password: 'PASSWORD',
scheme: 'https'
} ]
take a look at advanced client options for additional information. 请查看高级客户端选项以获取更多信息。
Note: I did not test it by myself, this is the theory, maybe something is missing, check the elasticsearch-rails docs . 注意:我并没有亲自测试它,这是理论,也许是缺少了一些,请查看elasticsearch-rails docs 。
I hope this helps. 我希望这有帮助。
You can set ELASTICSEARCH_URL
environment variable to https://USER:PASSWORD@some.domain:9200
.您可以将ELASTICSEARCH_URL
环境变量设置为https://USER:PASSWORD@some.domain:9200
。
This works because the client initialized by the elasticsearch-rails
gem will actually be that of elastic-transport-ruby
gem, and the client of this gem will use ELASTICSEARCH_URL
environment variable, as defined in here: https://github.com/elastic/elastic-transport-ruby/blob/1dcb6c9db68dba70958e99d50e35a577d7d7f628/lib/elastic/transport/client.rb#L139-L144这是有效的,因为由elasticsearch-rails
gem 初始化的客户端实际上是elastic-transport-ruby
gem 的客户端,并且这个 gem 的客户端将使用ELASTICSEARCH_URL
环境变量,定义如下: https : //github.com/elastic /elastic-transport-ruby/blob/1dcb6c9db68dba70958e99d50e35a577d7d7f628/lib/elastic/transport/client.rb#L139-L144
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.