From 31cca14bf0ac72cd38aecbcffd44ca3d361ab4c7 Mon Sep 17 00:00:00 2001 From: Peter Nied Date: Fri, 8 Mar 2024 16:26:59 -0600 Subject: [PATCH 01/13] Add documentation for security config upgrade feature Signed-off-by: Peter Nied Signed-off-by: Peter Nied --- _security/access-control/api.md | 79 +++++++++++++++++++++++++++++++++ 1 file changed, 79 insertions(+) diff --git a/_security/access-control/api.md b/_security/access-control/api.md index ee6aee7d71..e4eebfd792 100644 --- a/_security/access-control/api.md +++ b/_security/access-control/api.md @@ -1290,6 +1290,85 @@ PATCH _plugins/_security/api/securityconfig } ``` +### Check configuration upgrade +Introduced 2.13 +{: .label .label-purple } + +Checks the configuration bundled with the Security Plugin against the existing security configuration, returns if an upgrade can be performed and what resources would be updated. + +#### Request + +```json +GET _plugins/_security/api/_upgrade_check +``` +{% include copy-curl.html %} + +#### Example response + +```json +{ + "status" : "OK", + "upgradeAvailable" : true, + "upgradeActions" : { + "roles" : { + "add" : [ "flow_framework_full_access" ] + } + } +} +``` + +#### Response fields + +| Field | Data type | Description | +|:---------|:-----------|:------------------------------| +| upgradeAvailable | Boolean | True when an upgrade can be performed. | +| upgradeActions | Object | The security objects that would be modified by an upgrade. | + +### Perform configuration upgrade +Introduced 2.13 +{: .label .label-purple } + +Adds and updates resources on the existing security configuration from the configuration bundled with the Security Plugin. + +These bundled configuration files can be found in the opensearch-project/security/config directory. Default configuration files are updated on OpenSearch upgrade, whereas the cluster configuration is only updated by the cluster operators. This request used to bridge these scenarios. + +#### Request + +```json +POST _plugins/_security/api/_upgrade_check +{ + "configs": ["roles"] +} +``` +{% include copy-curl.html %} + +#### Request fields + +| Field | Data type | Description | Required | +|:----------------|:-----------|:------------------------------------------------------------------------------------------------------------------|:---------| +| configs | Array | Specifies the configurations to be upgraded. This field can include any combination of the following values: `actiongroups`,`allowlist`, `audit`, `internalusers`, `nodesdn`, `roles`, `rolesmappings`, `tenants`. If absent, all supported configurations are included. | No | + + +#### Example response + +```json +{ + "status" : "OK", + "upgrades" : { + "roles" : { + "add" : [ "flow_framework_full_access" ] + } + } +} +``` + +#### Response fields + +| Field | Data type | Description | +|:---------|:-----------|:------------------------------| +| `upgrades` | Object | A container for the upgrade results, organized by configuration type (e.g., `roles`). Each configuration type that has changes will be represented as a key in this object. | +| ↳ `roles` | Object | Demonstrates changes made to the roles configuration. The `roles` object contains keys of actions `add`, `modify`, etc..., listing the objects change in this way. | + --- ## Distinguished names From a779ce3a3083cd1f72a6cf174c4207ca4907bf8e Mon Sep 17 00:00:00 2001 From: Peter Nied Date: Fri, 15 Mar 2024 11:51:42 -0500 Subject: [PATCH 02/13] Fix vale annotations Signed-off-by: Peter Nied --- _security/access-control/api.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/_security/access-control/api.md b/_security/access-control/api.md index e4eebfd792..ff62e57e91 100644 --- a/_security/access-control/api.md +++ b/_security/access-control/api.md @@ -1294,7 +1294,7 @@ PATCH _plugins/_security/api/securityconfig Introduced 2.13 {: .label .label-purple } -Checks the configuration bundled with the Security Plugin against the existing security configuration, returns if an upgrade can be performed and what resources would be updated. +Checks the configuration bundled with the Security plugin against the existing security configuration, returns if an upgrade can be performed and what resources would be updated. #### Request @@ -1321,16 +1321,16 @@ GET _plugins/_security/api/_upgrade_check | Field | Data type | Description | |:---------|:-----------|:------------------------------| -| upgradeAvailable | Boolean | True when an upgrade can be performed. | -| upgradeActions | Object | The security objects that would be modified by an upgrade. | +| `upgradeAvailable` | Boolean | True when an upgrade can be performed. | +| `upgradeActions` | Object | The security objects that would be modified by an upgrade. | ### Perform configuration upgrade Introduced 2.13 {: .label .label-purple } -Adds and updates resources on the existing security configuration from the configuration bundled with the Security Plugin. +Adds and updates resources on the existing security configuration from the configuration bundled with the Security plugin. -These bundled configuration files can be found in the opensearch-project/security/config directory. Default configuration files are updated on OpenSearch upgrade, whereas the cluster configuration is only updated by the cluster operators. This request used to bridge these scenarios. +These bundled configuration files can be found in the `opensearch-project/security/config` directory. Default configuration files are updated on OpenSearch upgrade, whereas the cluster configuration is only updated by the cluster operators. This request used to bridge these scenarios. #### Request @@ -1367,7 +1367,7 @@ POST _plugins/_security/api/_upgrade_check | Field | Data type | Description | |:---------|:-----------|:------------------------------| | `upgrades` | Object | A container for the upgrade results, organized by configuration type (e.g., `roles`). Each configuration type that has changes will be represented as a key in this object. | -| ↳ `roles` | Object | Demonstrates changes made to the roles configuration. The `roles` object contains keys of actions `add`, `modify`, etc..., listing the objects change in this way. | +| ↳ `roles` | Object | Demonstrates changes made to the roles configuration. The `roles` object contains keys of actions that list the objects modified by the upgrade. | --- From 57c460506b6bbe8ddc2fe886c3dcbc37c2ad9557 Mon Sep 17 00:00:00 2001 From: Peter Nied Date: Thu, 21 Mar 2024 15:46:59 -0500 Subject: [PATCH 03/13] Feedback round 1 Signed-off-by: Peter Nied --- _security/access-control/api.md | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/_security/access-control/api.md b/_security/access-control/api.md index 6ab612b737..0bf2108ef6 100644 --- a/_security/access-control/api.md +++ b/_security/access-control/api.md @@ -1297,12 +1297,15 @@ PATCH _plugins/_security/api/securityconfig } ``` -### Check configuration upgrade +### Configuration upgrade check Introduced 2.13 {: .label .label-purple } Checks the configuration bundled with the Security plugin against the existing security configuration, returns if an upgrade can be performed and what resources would be updated. +Between new OpenSearch version new defaults to the security configuration are added. This endpoint helps cluster operators check if the cluster is missing defaults or has stale definitions of defaults. +{: .note} + #### Request ```json @@ -1331,18 +1334,21 @@ GET _plugins/_security/api/_upgrade_check | `upgradeAvailable` | Boolean | True when an upgrade can be performed. | | `upgradeActions` | Object | The security objects that would be modified by an upgrade. | -### Perform configuration upgrade +### Configuration upgrade Introduced 2.13 {: .label .label-purple } Adds and updates resources on the existing security configuration from the configuration bundled with the Security plugin. -These bundled configuration files can be found in the `opensearch-project/security/config` directory. Default configuration files are updated on OpenSearch upgrade, whereas the cluster configuration is only updated by the cluster operators. This request used to bridge these scenarios. +These bundled configuration files can be found in the `/security/config` directory. Default configuration files are updated on OpenSearch upgrade, whereas the cluster configuration is only updated by the cluster operators. This endpoint helps cluster operators upgrade missing defaults and stale defaults definitions. + +Between new OpenSearch version new defaults to the security configuration are added. This endpoint helps cluster operators check if the cluster is missing default roles or has stale definitions of default roles. +{: .note} #### Request ```json -POST _plugins/_security/api/_upgrade_check +POST _plugins/_security/api/_upgrade_perform { "configs": ["roles"] } @@ -1353,7 +1359,7 @@ POST _plugins/_security/api/_upgrade_check | Field | Data type | Description | Required | |:----------------|:-----------|:------------------------------------------------------------------------------------------------------------------|:---------| -| configs | Array | Specifies the configurations to be upgraded. This field can include any combination of the following values: `actiongroups`,`allowlist`, `audit`, `internalusers`, `nodesdn`, `roles`, `rolesmappings`, `tenants`. If absent, all supported configurations are included. | No | +| configs | Array | Specifies the configurations to be upgraded. This field can include any combination of the following values.
`actiongroups`,`allowlist`, `audit`, `internalusers`, `nodesdn`, `roles`, `rolesmappings`, `tenants`
If absent, all supported configurations are included. | No | #### Example response From 299a7b762937bf58d07318c562c0c48a251ed881 Mon Sep 17 00:00:00 2001 From: Peter Nied Date: Thu, 21 Mar 2024 15:58:34 -0500 Subject: [PATCH 04/13] Resolve OpenSearch.SpacingPunctuation Signed-off-by: Peter Nied --- _security/access-control/api.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_security/access-control/api.md b/_security/access-control/api.md index 0bf2108ef6..bec5c7ba35 100644 --- a/_security/access-control/api.md +++ b/_security/access-control/api.md @@ -1340,7 +1340,7 @@ Introduced 2.13 Adds and updates resources on the existing security configuration from the configuration bundled with the Security plugin. -These bundled configuration files can be found in the `/security/config` directory. Default configuration files are updated on OpenSearch upgrade, whereas the cluster configuration is only updated by the cluster operators. This endpoint helps cluster operators upgrade missing defaults and stale defaults definitions. +These bundled configuration files can be found in the `/security/config` directory. Default configuration files are updated on OpenSearch upgrade, whereas the cluster configuration is only updated by the cluster operators. This endpoint helps cluster operators upgrade missing defaults and stale defaults definitions. Between new OpenSearch version new defaults to the security configuration are added. This endpoint helps cluster operators check if the cluster is missing default roles or has stale definitions of default roles. {: .note} From 059b969a9d9cafb3fb6b84aadff39e310673c604 Mon Sep 17 00:00:00 2001 From: Peter Nied Date: Fri, 22 Mar 2024 13:47:18 +0000 Subject: [PATCH 05/13] Fix vale error Signed-off-by: Peter Nied --- _security/access-control/api.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_security/access-control/api.md b/_security/access-control/api.md index bec5c7ba35..5c8ddf76bf 100644 --- a/_security/access-control/api.md +++ b/_security/access-control/api.md @@ -1342,7 +1342,7 @@ Adds and updates resources on the existing security configuration from the confi These bundled configuration files can be found in the `/security/config` directory. Default configuration files are updated on OpenSearch upgrade, whereas the cluster configuration is only updated by the cluster operators. This endpoint helps cluster operators upgrade missing defaults and stale defaults definitions. -Between new OpenSearch version new defaults to the security configuration are added. This endpoint helps cluster operators check if the cluster is missing default roles or has stale definitions of default roles. +Between new OpenSearch version new defaults to the security configuration are added. This endpoint helps cluster operators check if the cluster is missing default roles or has stale definitions of default roles. {: .note} #### Request From cc760bbedb6c559927fa8fa88c15d0b82744d4aa Mon Sep 17 00:00:00 2001 From: Peter Nied Date: Fri, 22 Mar 2024 15:03:10 +0000 Subject: [PATCH 06/13] Clean up rendering of list of options for upgrade Signed-off-by: Peter Nied --- _security/access-control/api.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_security/access-control/api.md b/_security/access-control/api.md index 5c8ddf76bf..71f735cd7c 100644 --- a/_security/access-control/api.md +++ b/_security/access-control/api.md @@ -1359,7 +1359,7 @@ POST _plugins/_security/api/_upgrade_perform | Field | Data type | Description | Required | |:----------------|:-----------|:------------------------------------------------------------------------------------------------------------------|:---------| -| configs | Array | Specifies the configurations to be upgraded. This field can include any combination of the following values.
`actiongroups`,`allowlist`, `audit`, `internalusers`, `nodesdn`, `roles`, `rolesmappings`, `tenants`
If absent, all supported configurations are included. | No | +| configs | Array | Specifies the configurations to be upgraded. This field can include any combination of the following configurations `actiongroups`,`allowlist`, `audit`, `internalusers`, `nodesdn`, `roles`, `rolesmappings`, `tenants`.
Default is all supported configurations. | No | #### Example response From b5cc84477a403014c695796c68f779f98cf5ff63 Mon Sep 17 00:00:00 2001 From: Peter Nied Date: Fri, 22 Mar 2024 15:06:43 +0000 Subject: [PATCH 07/13] Clean up formatting around example a little Signed-off-by: Peter Nied --- _security/access-control/api.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_security/access-control/api.md b/_security/access-control/api.md index 71f735cd7c..0792900819 100644 --- a/_security/access-control/api.md +++ b/_security/access-control/api.md @@ -1350,7 +1350,7 @@ Between new OpenSearch version new defaults to the security configuration are ad ```json POST _plugins/_security/api/_upgrade_perform { - "configs": ["roles"] + "configs" : [ "roles" ] } ``` {% include copy-curl.html %} From 1243997ca66ac34e376d2c90bd0e7ed7c0bf0778 Mon Sep 17 00:00:00 2001 From: Peter Nied Date: Tue, 26 Mar 2024 11:45:14 -0500 Subject: [PATCH 08/13] PR Feedback 2 Signed-off-by: Peter Nied Signed-off-by: Peter Nied --- _security/access-control/api.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/_security/access-control/api.md b/_security/access-control/api.md index 0792900819..0002054397 100644 --- a/_security/access-control/api.md +++ b/_security/access-control/api.md @@ -1303,7 +1303,7 @@ Introduced 2.13 Checks the configuration bundled with the Security plugin against the existing security configuration, returns if an upgrade can be performed and what resources would be updated. -Between new OpenSearch version new defaults to the security configuration are added. This endpoint helps cluster operators check if the cluster is missing defaults or has stale definitions of defaults. +Between new OpenSearch versions, there are changes to the default security configuration. This endpoint helps cluster operators check if the cluster is missing defaults or has stale definitions of defaults. {: .note} #### Request @@ -1342,8 +1342,6 @@ Adds and updates resources on the existing security configuration from the confi These bundled configuration files can be found in the `/security/config` directory. Default configuration files are updated on OpenSearch upgrade, whereas the cluster configuration is only updated by the cluster operators. This endpoint helps cluster operators upgrade missing defaults and stale defaults definitions. -Between new OpenSearch version new defaults to the security configuration are added. This endpoint helps cluster operators check if the cluster is missing default roles or has stale definitions of default roles. -{: .note} #### Request From 6cfc3ad5e1b5efcf2af0e673940dfa127b47e99e Mon Sep 17 00:00:00 2001 From: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com> Date: Tue, 26 Mar 2024 13:00:13 -0500 Subject: [PATCH 09/13] Update api.md --- _security/access-control/api.md | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/_security/access-control/api.md b/_security/access-control/api.md index 0002054397..1e15272300 100644 --- a/_security/access-control/api.md +++ b/_security/access-control/api.md @@ -1298,12 +1298,13 @@ PATCH _plugins/_security/api/securityconfig ``` ### Configuration upgrade check + Introduced 2.13 {: .label .label-purple } -Checks the configuration bundled with the Security plugin against the existing security configuration, returns if an upgrade can be performed and what resources would be updated. +Checks the cuurent configuration bundled with the host's Security plugin and compares it to the latest Security plugin bundled with OpenSearch. Then, the API returns whether or not can be performed and what resources can be updated. -Between new OpenSearch versions, there are changes to the default security configuration. This endpoint helps cluster operators check if the cluster is missing defaults or has stale definitions of defaults. +When a new OpenSearch version is released, there are changes to the default security configuration. This endpoint helps cluster operators check if the cluster is missing defaults or has stale definitions of defaults. {: .note} #### Request @@ -1331,14 +1332,15 @@ GET _plugins/_security/api/_upgrade_check | Field | Data type | Description | |:---------|:-----------|:------------------------------| -| `upgradeAvailable` | Boolean | True when an upgrade can be performed. | -| `upgradeActions` | Object | The security objects that would be modified by an upgrade. | +| `upgradeAvailable` | Boolean | Responds with `true` when an upgrade to the security configuration is avaliable. | +| `upgradeActions` | Object list | A list of security objects that would be modified if upgrading the host's Security Plugin. | ### Configuration upgrade + Introduced 2.13 {: .label .label-purple } -Adds and updates resources on the existing security configuration from the configuration bundled with the Security plugin. +Adds and updates resources on a host's existing security configuration from the configuration bundled with the latest version of the Security plugin. These bundled configuration files can be found in the `/security/config` directory. Default configuration files are updated on OpenSearch upgrade, whereas the cluster configuration is only updated by the cluster operators. This endpoint helps cluster operators upgrade missing defaults and stale defaults definitions. @@ -1357,7 +1359,7 @@ POST _plugins/_security/api/_upgrade_perform | Field | Data type | Description | Required | |:----------------|:-----------|:------------------------------------------------------------------------------------------------------------------|:---------| -| configs | Array | Specifies the configurations to be upgraded. This field can include any combination of the following configurations `actiongroups`,`allowlist`, `audit`, `internalusers`, `nodesdn`, `roles`, `rolesmappings`, `tenants`.
Default is all supported configurations. | No | +| `configs` | Array | Specifies the configurations to be upgraded. This field can include any combination of the following configuration:s `actiongroups`,`allowlist`, `audit`, `internalusers`, `nodesdn`, `roles`, `rolesmappings`, `tenants`.
Default is all supported configurations. | No | #### Example response @@ -1377,8 +1379,8 @@ POST _plugins/_security/api/_upgrade_perform | Field | Data type | Description | |:---------|:-----------|:------------------------------| -| `upgrades` | Object | A container for the upgrade results, organized by configuration type (e.g., `roles`). Each configuration type that has changes will be represented as a key in this object. | -| ↳ `roles` | Object | Demonstrates changes made to the roles configuration. The `roles` object contains keys of actions that list the objects modified by the upgrade. | +| `upgrades` | Object | A container for the upgrade results, organized by configuration type, such as `roles`. Each configuration type that has changed will be represented as a key in this object. | +| `roles` | Object | Contains a list role-based action keys of objects modified by the upgrade. | --- From 6aab4e35ae982fbea99fd8c58d9c9ea6709a89d9 Mon Sep 17 00:00:00 2001 From: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com> Date: Tue, 26 Mar 2024 13:39:07 -0500 Subject: [PATCH 10/13] Apply suggestions from code review Co-authored-by: Nathan Bower Signed-off-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com> --- _security/access-control/api.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/_security/access-control/api.md b/_security/access-control/api.md index 1e15272300..3f0752f2ac 100644 --- a/_security/access-control/api.md +++ b/_security/access-control/api.md @@ -1302,9 +1302,9 @@ PATCH _plugins/_security/api/securityconfig Introduced 2.13 {: .label .label-purple } -Checks the cuurent configuration bundled with the host's Security plugin and compares it to the latest Security plugin bundled with OpenSearch. Then, the API returns whether or not can be performed and what resources can be updated. +Checks the cuurent configuration bundled with the host's Security plugin and compares it to the latest Security plugin bundled with OpenSearch. Then the API returns whether or not can be performed and what resources can be updated. -When a new OpenSearch version is released, there are changes to the default security configuration. This endpoint helps cluster operators check if the cluster is missing defaults or has stale definitions of defaults. +With each new OpenSearch version, there are changes to the default security configuration. This endpoint helps cluster operators determine whether the cluster is missing defaults or has stale definitions of defaults. {: .note} #### Request @@ -1332,8 +1332,8 @@ GET _plugins/_security/api/_upgrade_check | Field | Data type | Description | |:---------|:-----------|:------------------------------| -| `upgradeAvailable` | Boolean | Responds with `true` when an upgrade to the security configuration is avaliable. | -| `upgradeActions` | Object list | A list of security objects that would be modified if upgrading the host's Security Plugin. | +| `upgradeAvailable` | Boolean | Responds with `true` when an upgrade to the security configuration is available. | +| `upgradeActions` | Object list | A list of security objects that would be modified when upgrading the host's Security plugin. | ### Configuration upgrade @@ -1342,7 +1342,7 @@ Introduced 2.13 Adds and updates resources on a host's existing security configuration from the configuration bundled with the latest version of the Security plugin. -These bundled configuration files can be found in the `/security/config` directory. Default configuration files are updated on OpenSearch upgrade, whereas the cluster configuration is only updated by the cluster operators. This endpoint helps cluster operators upgrade missing defaults and stale defaults definitions. +These bundled configuration files can be found in the `/security/config` directory. Default configuration files are updated when OpenSearch is upgraded, whereas the cluster configuration is only updated by the cluster operators. This endpoint helps cluster operator upgrade missing defaults and stale default definitions. #### Request @@ -1359,7 +1359,7 @@ POST _plugins/_security/api/_upgrade_perform | Field | Data type | Description | Required | |:----------------|:-----------|:------------------------------------------------------------------------------------------------------------------|:---------| -| `configs` | Array | Specifies the configurations to be upgraded. This field can include any combination of the following configuration:s `actiongroups`,`allowlist`, `audit`, `internalusers`, `nodesdn`, `roles`, `rolesmappings`, `tenants`.
Default is all supported configurations. | No | +| `configs` | Array | Specifies the configurations to be upgraded. This field can include any combination of the following configurations: `actiongroups`,`allowlist`, `audit`, `internalusers`, `nodesdn`, `roles`, `rolesmappings`, `tenants`.
Default is all supported configurations. | No | #### Example response @@ -1379,8 +1379,8 @@ POST _plugins/_security/api/_upgrade_perform | Field | Data type | Description | |:---------|:-----------|:------------------------------| -| `upgrades` | Object | A container for the upgrade results, organized by configuration type, such as `roles`. Each configuration type that has changed will be represented as a key in this object. | -| `roles` | Object | Contains a list role-based action keys of objects modified by the upgrade. | +| `upgrades` | Object | A container for the upgrade results, organized by configuration type, such as `roles`. Each changed configuration type will be represented as a key in this object. | +| `roles` | Object | Contains a list of role-based action keys of objects modified by the upgrade. | --- From a4d03720e81b76713a1c9a9ac9dea9d755c1a42e Mon Sep 17 00:00:00 2001 From: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com> Date: Tue, 26 Mar 2024 13:50:48 -0500 Subject: [PATCH 11/13] Apply suggestions from code review Signed-off-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com> --- _security/access-control/api.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_security/access-control/api.md b/_security/access-control/api.md index 3f0752f2ac..4387db4181 100644 --- a/_security/access-control/api.md +++ b/_security/access-control/api.md @@ -1302,7 +1302,7 @@ PATCH _plugins/_security/api/securityconfig Introduced 2.13 {: .label .label-purple } -Checks the cuurent configuration bundled with the host's Security plugin and compares it to the latest Security plugin bundled with OpenSearch. Then the API returns whether or not can be performed and what resources can be updated. +Checks the current configuration bundled with the host's Security plugin and compares it to the latest Security plugin bundled with OpenSearch. Then, the API returns whether or not can an upgrade can be performed and what resources can be updated. With each new OpenSearch version, there are changes to the default security configuration. This endpoint helps cluster operators determine whether the cluster is missing defaults or has stale definitions of defaults. {: .note} From a1bc78cb1176dc45982bcae5e8fcc001f952a379 Mon Sep 17 00:00:00 2001 From: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com> Date: Wed, 27 Mar 2024 10:09:04 -0500 Subject: [PATCH 12/13] Update _security/access-control/api.md Co-authored-by: Nathan Bower Signed-off-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com> --- _security/access-control/api.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_security/access-control/api.md b/_security/access-control/api.md index 4387db4181..c0c73a7005 100644 --- a/_security/access-control/api.md +++ b/_security/access-control/api.md @@ -1302,7 +1302,7 @@ PATCH _plugins/_security/api/securityconfig Introduced 2.13 {: .label .label-purple } -Checks the current configuration bundled with the host's Security plugin and compares it to the latest Security plugin bundled with OpenSearch. Then, the API returns whether or not can an upgrade can be performed and what resources can be updated. +Checks the current configuration bundled with the host's Security plugin and compares it to the latest Security plugin bundled with OpenSearch. Then, the API responds indicating whether or not an upgrade can be performed and what resources can be updated. With each new OpenSearch version, there are changes to the default security configuration. This endpoint helps cluster operators determine whether the cluster is missing defaults or has stale definitions of defaults. {: .note} From 698542cbce03384a1d8d43d0ffd1a9da56ba453d Mon Sep 17 00:00:00 2001 From: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com> Date: Wed, 27 Mar 2024 12:04:06 -0500 Subject: [PATCH 13/13] Update _security/access-control/api.md Signed-off-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com> --- _security/access-control/api.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_security/access-control/api.md b/_security/access-control/api.md index c0c73a7005..8a464bdeb1 100644 --- a/_security/access-control/api.md +++ b/_security/access-control/api.md @@ -1302,7 +1302,7 @@ PATCH _plugins/_security/api/securityconfig Introduced 2.13 {: .label .label-purple } -Checks the current configuration bundled with the host's Security plugin and compares it to the latest Security plugin bundled with OpenSearch. Then, the API responds indicating whether or not an upgrade can be performed and what resources can be updated. +Checks the current configuration bundled with the host's Security plugin and compares it to the version of the OpenSearch Security plugin the user downloaded. Then, the API responds indicating whether or not an upgrade can be performed and what resources can be updated. With each new OpenSearch version, there are changes to the default security configuration. This endpoint helps cluster operators determine whether the cluster is missing defaults or has stale definitions of defaults. {: .note}