How To Create A Read-only Client For Elasticsearch In Python?

I want to read data from ES but don't want to accidentally write data to it(no indexing operations). This is just a safety measure so that someone else later modifying the querying

Solution 1:

when you say you want read-only client. Client emphasize you may have other clients for the same cluster in your system. Then blocking the whole index for read-only will block this for all clients. You must have a job which writes/update your data in cluster.

If this is your usecase then, think of clients as elasticsearch users with each user having different access-policy toward your cluster.

Elastic search provides shield plugin for implementing clients authentication as well as authorization.

You can create multiple ES - users with different access policy in configuration files.

bin/shield/esusers useradd es_admin -r admin

Using role api create roles and dedicate each user to each role.

POST /_shield/role/my_admin_role
{
  "cluster": ["all"], 
  "indices": [ 
    {
      "names": [ "index1", "index2" ], 
      "privileges": ["read"]         
    }
  ],
  "run_as": [ "other_user" ] 
}

you can also configure nginx reverse proxy ahead of es cluster to manager authorization for users if you want to stay away from shield.

Solution 2:

You can parameter your index to "read-only" :

curl -XPUT localhost:9200/test/_settings -d '{
    "index" : {
        "blocks" : {
            "read_only" : true
        }
    }
}'

All index settings are documented here : https://www.elastic.co/guide/en/elasticsearch/reference/current/index-modules.html

And here is how to update index settings : https://www.elastic.co/guide/en/elasticsearch/reference/current/indices-update-settings.html

This is a very restricting operation though.