owncloud / search_elastic

Elasticsearch based full text search
https://github.com/owncloud/search_elastic
GNU General Public License v2.0

Authenticated Elastic server not supported or undocumented #246

Closed xoxys closed 2 years ago

xoxys commented 2 years ago

I can't get the search app working with an Elastic server that uses authentication and TLS. Full connection strings, like those supported in other tools that use Elastic, don't work:

https://owncloud:<password>@es-cloud.example.com

Is there a way to authenticate to an Elastic server and just the documentation is missing, or is it not implemented?

pmaier1 commented 2 years ago

Why can't we use Elasticsearch without authentication like other customers do?

xoxys commented 2 years ago

Why can't we just support pretty common deployment strategies ;)

We always deploy software to standalone systems and not a single host. This avoids performance impacts and impacts on host failures, and reduces downtime. A single-node Elastic alongside the ownCloud is also neither recommended nor supported by Elastic for production environments.

TheRealBro commented 2 years ago

Are we really the only customers in the world who do not run Elasticsearch on localhost and therefore want to have authentication?

micbar commented 2 years ago

AFAICT we have only one customer which uses Elasticsearch. This customer uses it in an internal network.

But why are we discussing this for so long? Implementation would already be done IMO ;-)

Needs prio.

xoxys commented 2 years ago

> This customer uses it in an internal network.

Most attackers are company internals. Besides that, running apps without TLS and auth in 2022, regardless of the deployment on the same host, internal or public, is simply not state of the art anymore.

The Full text search will index all documents and write to Elastic. This will bypass every protection (secure view, general access permissions and so on) targeting the ES server that is running without any kind of protection...

micbar commented 2 years ago

@pmaier1 please prioritize

pmaier1 commented 2 years ago

Alright. We'll schedule the implementation.

ahherrera commented 2 years ago

Hi @pmaier1 !! Help me with this validation. Elasticsearch has two ways of authentication: 1) by username and password; 2) by API key. Do you want to implement both in this issue or only the first one?

xoxys commented 2 years ago

I vote for both.

pmaier1 commented 2 years ago

Hi @ahherrera :) as we're anyway touching this now, I'd also like to see both approaches implemented. Please let me know if there are huge differences in efforts.

ahherrera commented 2 years ago

Hi @pmaier1 !!! The difference in time spent is not that much; much of what I have to develop for one works for the other.

ahherrera commented 2 years ago

The scope of the solution adds only username and password authentication. At the beginning I thought that it would not take more time to add the authentication by API key, but after getting to know the code, it would take more time than I thought. For this reason I have requested the PR so that this functionality can be reviewed and so that @pmaier1 can tell me whether I should take the time to add the API key authentication.

pmaier1 commented 2 years ago

@ahherrera Please add both methods, username/pw and api key. Thanks.

jnweiger commented 2 years ago

@ahherrera In the admin UI, I only saw username/pw. Does it also work with API-key?

ahherrera commented 2 years ago

> @ahherrera In the admin UI, I only saw username/pw. Does it also work with API-key?

I just added user and password authentication.

jvillafanez commented 2 years ago

Fixed in 2.2.0