What is the bug?
When #2411 was added to the security codebase, it expanded the way that customers can manage their OpenSearch cluster - yay! However, for existing customers this expands the exposure on their security cluster beyond what it was in previous releases.
This functionality should be opt-in via a setting in the security configuration and default to 'disabled' to prevent this exposure.
Do you have any additional context?
The security configuration has to be modified on the disk on a bootstrapping node or using the 'super admin' certificate workflow, making the configuration a safe place for this default value.