Missing documentation for the plugins.security.allow_default_init_securityindex property (#919)

* “fix#676-allow_default_init_securityindex”

Signed-off-by: cwillum <cwmmoore@amazon.com>

* “fix#676-allow_default_init_securityindex”

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#676-allow_default_init_securityindex

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#676-allow_default_init_securityindex

Signed-off-by: cwillum <cwmmoore@amazon.com>

Signed-off-by: cwillum <cwmmoore@amazon.com>
Chris Moore 2022-08-29 13:17:36 -07:00 committed by GitHub
parent f1d1dde8e5
commit b9838dfd87
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 8 additions and 1 deletions

@ -145,7 +145,8 @@ If `challenge` is set to `false` and no `Authorization` header field is set, the
## Kerberos
Kerberos authentication does not work with OpenSearch Dashboards. To track OpenSearch's progress in adding support for Kerberos in OpenSearch Dashboards, see [issue #907 Kerberos Auth does not exist](https://github.com/opensearch-project/security-dashboards-plugin/issues/907) in the Dashboard's Security Plugin repository. {: .warning }
Kerberos authentication does not work with OpenSearch Dashboards. To track OpenSearch's progress in adding support for Kerberos in OpenSearch Dashboards, see [issue #907 Kerberos Auth does not exist](https://github.com/opensearch-project/security-dashboards-plugin/issues/907) in the Dashboard's Security Plugin repository.
{: .warning }
Due to the nature of Kerberos, you must define some settings in `opensearch.yml` and some in `config.yml`.
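
Review bot: in the rewritten Kerberos warning, "the Dashboard's Security Plugin repository" misnames the project; the link points to opensearch-project/security-dashboards-plugin, so "the OpenSearch Dashboards security plugin repository" would match the product name used earlier in the same sentence. Moving `{: .warning }` onto its own line is also unrelated to the `allow_default_init_securityindex` documentation named in the commit subject, so it deserves its own line in the commit message.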

@ -124,6 +124,12 @@ plugins.security.restapi.password_validation_regex: '(?=.*[A-Z])(?=.*[^a-zA-Z\d]
plugins.security.restapi.password_validation_error_message: "Password must be minimum 8 characters long and must contain at least one uppercase letter, one lowercase letter, one digit, and one special character."
```
The opensearch.yml file also contains the `plugins.security.allow_default_init_securityindex` property. When set to `true`, the security plugin uses default security settings if an attempt to create the security index fails when OpenSearch launches. Default security settings are stored in YAML files contained in the `opensearch-project/security/config` directory. By default, this setting is `false`.
```yml
plugins.security.allow_default_init_securityindex: true
```
## allowlist.yml
You can use `allowlist.yml` to add any endpoints and HTTP requests to a list of allowed endpoints and requests. If enabled, all users except the super admin are allowed access to only the specified endpoints and HTTP requests, and all other HTTP requests associated with the endpoint are denied. For example, if GET `_cluster/settings` is added to the allow list, users cannot submit PUT requests to `_cluster/settings` to update cluster settings.
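
Review bot: the new paragraph states that the setting defaults to `false`, but the sample directly under it sets `plugins.security.allow_default_init_securityindex: true` without saying when enabling it is appropriate or what the default security settings contain. Because enabling it lets the plugin apply those YAML defaults on its own at launch, add a sentence telling readers to review the files before turning it on, and give their location as a path on the node rather than as `opensearch-project/security/config`, which reads as a repository path. "opensearch.yml" at the start of the paragraph should also be in backticks, as it is in the Kerberos section.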