[BUG] There is no way to configure some security plugin settings

vchirikov commented 7 months ago

Hi, looks like there is no way to configure some of plugins.security config:

Example:

https://github.com/opensearch-project/opensearch-k8s-operator/blob/c3d2a79f932b9a6e02e742318911e93b5d511b11/opensearch-operator/pkg/reconcilers/configuration.go#L66-L67

I have:

#...
  general:
    additionalConfig:
      # doesn't work here (?)
      plugins.security.restapi.roles_enabled: '["all_access", "security_rest_api_access", "full_access"]'
      plugins.security.system_indices.enabled: "false"
#...

I see the default settings in opensearch-config ConfigMap.

plugins.security.restapi.roles_enabled: ["all_access", "security_rest_api_access"]
plugins.security.system_indices.enabled: true

Also see my overrides provided via environment variables in pod, but looks like they doesn't work. There is a way to disable system indices protection?

vchirikov commented 7 months ago

Looks like env vars handled by opensearch-docker-entrypoint.sh

vchirikov commented 7 months ago

Security does not appear in "Opensearch Plugins" - Security - OpenSearch

Looks like not all security things could be configured with env variables.

prudhvigodithi commented 6 months ago

[Triage] Hey @vchirikov just checking is this still an issue with the operator? Thanks

vchirikov commented 6 months ago

@prudhvigodithi yes, but anyway it's also the issue with opensearch plugin

Jerrimikkihvatai commented 5 months ago

Any updates? I am trying to figure out how to enable cert hot reload with plugins.security.ssl_cert_reload_enabled: "true" Is there any way to configure opensearch.yml without spec.general.additionalConfig ?

opensearch-project / opensearch-k8s-operator

[BUG] There is no way to configure some security plugin settings #736