New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bulk user creation API #33845
Comments
Pinging @elastic/es-security |
We don't plan to introduce a Bulk Users API. Bulk APIs introduce complications around error handling and reporting, and do not necessarily have a major improvement on performance unless an API primarily bound by network latency. However for users who need to create many users at once, we have some recommendations: There are 2 parts to the existing user creation API that have the biggest impact on throughput.
For a long time the API has supported different options for these, but we're added more testing and docs around them in #34729 (see #35242 and #35574). RefreshBy default the PutUser API does the equivalent of Password HashingThis is a bigger improvement (spoiler: up to 200%).
Cheap Password HashingThe cheapest hasher we support for password storage is Pre Hashed PasswordsThe other option is to hash the password before it is sent to the API. ConclusionI wrote a fairly naive, single threaded python script that creates users in a serial fashion and ran it my 2 year old laptop (with Elasticsearch also running on that laptop). For the default options (server side hashing with bcrypt10, default refresh=true) I can create about 8.5 users per second. With client-side hashing and Unless there's a really compelling reason to revisit this, we feel that the existing features provide the right set of options for the Put User API, and those throughput numbers are reasonable. |
Describe the feature:
It would be helpful to have an API method that supports creating multiple users at the same time. This would be particularly useful in situations where hundreds or thousands of users may need to be created, such as when a cluster is initially set up.
The text was updated successfully, but these errors were encountered: