Search code examples
ruby-on-railsruby-on-rails-4elasticsearchtire

Ruby On Rails: ElasticSearch authentication (Tire and ElasticSearch-rails)

I have a Ruby On Rails app deployed on Heroku, Im using the ElasticSearch add-on, my elastic search clusters were working normally but recently ElasticSearch add-on required all clusters to enforce authentication to protect the data that is inside of the hosted cluster, now on every request we try to make we receive the following exception:

Tire::Search::SearchRequestFailed (401 : {"error":{"root_cause":[{"type":"security_exception","reason":"action [indices:data/read/search] requires authentication","header":{"WWW-Authenticate":"Basic realm=\"shield\" charset=\"UTF-8\""}}],"type":"security_exception","reason":"action [indices:data/read/search] requires authentication","header":{"WWW-Authenticate":"Basic realm=\"shield\" charset=\"UTF-8\""}},"status":401}):

We configured some users from the Shield plugin that comes with Elasticsearch, however Im not sure how can I enter this authentication from my ruby On Rails application, Im using Tire to integrate elastic search in my Ruby On Rails app, but I can't find were can I put this information in order to authenticate my app and solve this issue.

We would like to know how to authenticate using these two gems: ElasticSearch-rails and Tire

Solution

  • I recommend the use of elasticsearch-rails instead of tire (abbandoned).

    With elasticsearch-rails:

    gemfile

    gem 'elasticsearch'
gem 'elasticsearch-model'
gem 'elasticsearch-rails'

    Do the models searchable

    Apply the feature extraction pattern (searchable concern) to your models.

    Configure your elastic search client

    for all models in an initializer (config/initializers/elastic_search_client.rb or whatever) with auth using common URL format

    Elasticsearch::Client.new url: 'https://username:[email protected]:4430/search'

    or with auth using a hash

    Elasticsearch::Client.new hosts: [
  { host: 'my-protected-host',
    port: '443',
    user: 'USERNAME',
    password: 'PASSWORD',
    scheme: 'https'
  } ]

    take a look at advanced client options for additional information.

    Note: I did not test it by myself, this is the theory, maybe something is missing, check the elasticsearch-rails docs.

    I hope this helps.