How to authenticate to Elastic via API with PowerShell?

logalicious · August 28, 2024, 4:46pm

I am trying to generate a dashboard PDF via POST URL. The documentation provides the following curl command:

curl \
-XPOST \ 
-u elastic \ 
-H 'kbn-xsrf: true' \ 
'http://0.0.0.0:5601/api/reporting/generate/csv?jobParams=...'

How can I achieve this with PowerShell while using a username and password?

I found the following examples, has anyone had any luck with these?

$user = 'user'
$pass = 'pass'

$pair = "$($user):$($pass)"

$encodedCreds = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($pair))

$basicAuthValue = "Basic $encodedCreds"

$Headers = @{
    Authorization = $basicAuthValue
}

Invoke-WebRequest -Uri 'https://whatever' -Headers $Headers

OR

$root = 'REST_SERVICE_URL'
$user = "user"
$pass= "password"
$secpasswd = ConvertTo-SecureString $pass -AsPlainText -Force
$credential = New-Object System.Management.Automation.PSCredential($user, $secpasswd)

$result = Invoke-RestMethod $root -Credential $credential

powershell - Use Invoke-WebRequest with a username and password for basic authentication on the GitHub API - Stack Overflow

Automatically generate reports | Kibana Guide [8.15] | Elastic

ashishtiwari1993 · August 29, 2024, 3:53am

Hi @logalicious, Welcome to Elastic community. While running above snippet have you faced any error?

taniumalloy · September 11, 2024, 1:01am

Hello Ashish, thank you for your response. After further exploration and learning, I have found a way to get it to work. I will share this for the community and hope it helps someone moving forward. The key points missed in the examples above were the Method HTTP Verb and converting the responses to JSON.

Here is a working example of authenticating to Kibana from PowerShell:

$user = "elastic"
$pass = "<securepasswordhere>"
$url = "http://192.168.X.X:5601/api/status"
$secpasswd = ConvertTo-SecureString $pass -AsPlainText -Force
$credential = New-Object System.Management.Automation.PSCredential($user, $secpasswd)

$result = Invoke-RestMethod -Method GET -Uri $url -Credential $credential
$result | ConvertTo-Json

The associated output is as follows:

{
    "status":  {
                   "overall":  {
                                   "level":  "available"
                               }
               }
}

It works! I am now able to use API endpoints for Kibana. I am just running this in my home lab so I am not using certs for Kibana. However, I do have X Pack Security enabled for my three-node Elasticsearch cluster. I am using the self-signed SSL certs and I am not able to connect to the Elasticsearch API using the same method.

Here is what I tried:

$user = "elastic"
$pass = "<securepasswordhere>"
$urlElasticsearch = "https://192.168.X.X:9200/_cat/indices?v"
$secpasswd = ConvertTo-SecureString $pass -AsPlainText -Force
$credential = New-Object System.Management.Automation.PSCredential($user, $secpasswd)

<#I tried with and without this section based on some suggestions online to trust invalid certs ([Cert Error Workaround PowerShell](https://stackoverflow.com/questions/11696944/powershell-v3-invoke-webrequest-https-error) #>
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
$AllProtocols = [System.Net.SecurityProtocolType]'Ssl3,Tls,Tls11,Tls12'
[System.Net.ServicePointManager]::SecurityProtocol = $AllProtocols

$resultElasticsearch = Invoke-RestMethod -Method GET -Uri $urlElasticsearch -Credential $credential
$resultElasticsearch | ConvertTo-Json

This is the response I get:

Invoke-RestMethod : The underlying connection was closed: An unexpected error occurred on a send.
At line:11 char:24
+ ... ticsearch = Invoke-RestMethod -Method GET -Uri $urlElasticsearch -Cre ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebException
    + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand

I wish I could figure out what is going on there. Another post on the StackOverflow link showed another method that works, so I know its not a firewall issue.

$user = "elastic"
$pass = "<securepasswordhere>"
$url = "https://192.168.X.X:9200/_cat/indices?v"
$wc = New-Object System.Net.WebClient
$wc.Credentials = New-Object System.Net.NetworkCredential($user,$pass)
$wc.DownloadString($url)

The method above works, but I would prefer to use the Secure String method with Invoke-RestMethod like I did with Kibana.

Please let me know if there is a better way to use Elasticsearch API with PowerShell. Thanks!

Topic		Replies	Views
Kibana Import Objects API Kibana	3	541	December 6, 2021
Load The Data Set KIBANA Kibana	2	290	April 2, 2020
[Kibana API] Cannot list rules using Kibana API, successfull response, empty data Kibana elastic-stack-security	0	16	July 19, 2024
Command to add a user/password on Elastic search Elasticsearch	4	2283	June 23, 2017
Automatic Report in Postman Kibana elastic-stack-reporting	3	941	November 9, 2019

How to authenticate to Elastic via API with PowerShell?

Related topics