From a607c7459e763e1ffc3191abb6e3b0f971616ee8 Mon Sep 17 00:00:00 2001 From: James Rodewig <40268737+jrodewig@users.noreply.github.com> Date: Wed, 3 Mar 2021 11:49:58 -0500 Subject: [PATCH 1/2] [DOCS] Add operator privileges to APIs and settings --- .../apis/delete-autoscaling-policy.asciidoc | 8 +++++--- .../autoscaling/apis/put-autoscaling-policy.asciidoc | 8 +++++--- docs/reference/cluster/voting-exclusions.asciidoc | 2 ++ docs/reference/licensing/delete-license.asciidoc | 11 ++++++----- docs/reference/licensing/update-license.asciidoc | 8 +++++--- .../snapshot-restore/apis/repo-analysis-api.asciidoc | 9 +++++++++ x-pack/docs/en/security/using-ip-filtering.asciidoc | 3 ++- 7 files changed, 34 insertions(+), 15 deletions(-) diff --git a/docs/reference/autoscaling/apis/delete-autoscaling-policy.asciidoc b/docs/reference/autoscaling/apis/delete-autoscaling-policy.asciidoc index 48b254b28efda..7f4a4be0fbb55 100644 --- a/docs/reference/autoscaling/apis/delete-autoscaling-policy.asciidoc +++ b/docs/reference/autoscaling/apis/delete-autoscaling-policy.asciidoc @@ -37,9 +37,11 @@ DELETE /_autoscaling/policy/ [[autoscaling-delete-autoscaling-policy-prereqs]] ==== {api-prereq-title} -* If the {es} {security-features} are enabled, you must have -`manage_autoscaling` cluster privileges. For more information, see -<>. +* If the {es} {security-features} are enabled, you must have the +`manage_autoscaling` <> to use this +API. + +* If the {operator-feature} is enabled, only operator users can use this API. [[autoscaling-delete-autoscaling-policy-desc]] ==== {api-description-title} diff --git a/docs/reference/autoscaling/apis/put-autoscaling-policy.asciidoc b/docs/reference/autoscaling/apis/put-autoscaling-policy.asciidoc index df4863290eb86..1a6410f1da536 100644 --- a/docs/reference/autoscaling/apis/put-autoscaling-policy.asciidoc +++ b/docs/reference/autoscaling/apis/put-autoscaling-policy.asciidoc @@ -39,9 +39,11 @@ DELETE /_autoscaling/policy/name [[autoscaling-put-autoscaling-policy-prereqs]] ==== {api-prereq-title} -* If the {es} {security-features} are enabled, you must have -`manage_autoscaling` cluster privileges. For more information, see -<>. +* If the {es} {security-features} are enabled, you must have the +`manage_autoscaling` <> to use this +API. + +* If the {operator-feature} is enabled, only operator users can use this API. [[autoscaling-put-autoscaling-policy-desc]] ==== {api-description-title} diff --git a/docs/reference/cluster/voting-exclusions.asciidoc b/docs/reference/cluster/voting-exclusions.asciidoc index 021c1866240c6..7d2c58ec5ab7c 100644 --- a/docs/reference/cluster/voting-exclusions.asciidoc +++ b/docs/reference/cluster/voting-exclusions.asciidoc @@ -23,6 +23,8 @@ Adds or removes master-eligible nodes from the * If the {es} {security-features} are enabled, you must have the `manage` <> to use this API. +* If the {operator-feature} is enabled, only operator users can use this API. + [[voting-config-exclusions-api-desc]] ==== {api-description-title} diff --git a/docs/reference/licensing/delete-license.asciidoc b/docs/reference/licensing/delete-license.asciidoc index 04c095110cc61..0bcb794b8fc01 100644 --- a/docs/reference/licensing/delete-license.asciidoc +++ b/docs/reference/licensing/delete-license.asciidoc @@ -20,12 +20,13 @@ When your license expires, {xpack} operates in a degraded mode. For more information, see {kibana-ref}/managing-licenses.html#license-expiration[License expiration]. -[discrete] -==== Authorization +[[delete-license-api-prereqs]] +==== {api-prereq-title} + +* If the {es} {security-features} are enabled, you must have the `manage` +<> to use this API. -You must have `manage` cluster privileges to use this API. -For more information, see -<>. +* If the {operator-feature} is enabled, only operator users can use this API. [discrete] ==== Examples diff --git a/docs/reference/licensing/update-license.asciidoc b/docs/reference/licensing/update-license.asciidoc index 823f564331d29..73ed338e67527 100644 --- a/docs/reference/licensing/update-license.asciidoc +++ b/docs/reference/licensing/update-license.asciidoc @@ -18,13 +18,15 @@ Updates the license for your {es} cluster. [[update-license-api-prereqs]] ==== {api-prereq-title} -If {es} {security-features} are enabled, you need `manage` cluster privileges to -install the license. +* If {es} {security-features} are enabled, you need `manage` +<> to install the license. -If {es} {security-features} are enabled and you are installing a gold or higher +* If {es} {security-features} are enabled and you are installing a gold or higher license, you must enable TLS on the transport networking layer before you install the license. See <>. +* If the {operator-feature} is enabled, only operator users can use this API. + [[update-license-api-desc]] ==== {api-description-title} diff --git a/docs/reference/snapshot-restore/apis/repo-analysis-api.asciidoc b/docs/reference/snapshot-restore/apis/repo-analysis-api.asciidoc index a42e0f482263e..0f30097010103 100644 --- a/docs/reference/snapshot-restore/apis/repo-analysis-api.asciidoc +++ b/docs/reference/snapshot-restore/apis/repo-analysis-api.asciidoc @@ -32,6 +32,15 @@ POST /_snapshot/my_repository/_analyze?blob_count=10&max_blob_size=1mb&timeout=1 `POST /_snapshot//_analyze` +[[repo-analysis-api-prereqs]] +==== {api-prereq-title} + +* If the {es} {security-features} are enabled, you must have the `manage` +<> to use this API. For more +information, see <>. + +* If the {operator-feature} is enabled, only operator users can use this API. + [[repo-analysis-api-desc]] ==== {api-description-title} diff --git a/x-pack/docs/en/security/using-ip-filtering.asciidoc b/x-pack/docs/en/security/using-ip-filtering.asciidoc index 1f3e97932427c..64bd35ece7948 100644 --- a/x-pack/docs/en/security/using-ip-filtering.asciidoc +++ b/x-pack/docs/en/security/using-ip-filtering.asciidoc @@ -17,7 +17,8 @@ NOTE: Elasticsearch installations are not designed to be publicly accessible === Enabling IP filtering The {es} {security-features} contain an access control feature that allows or -rejects hosts, domains, or subnets. +rejects hosts, domains, or subnets. If the {operator-feature} is enabled, only +operator users can update these settings. You configure IP filtering by specifying the `xpack.security.transport.filter.allow` and `xpack.security.transport.filter.deny` settings in `elasticsearch.yml`. Allow rules From 4076bfee8fab59c246dabe917d9a823e60e924c5 Mon Sep 17 00:00:00 2001 From: James Rodewig <40268737+jrodewig@users.noreply.github.com> Date: Wed, 10 Mar 2021 12:02:21 -0500 Subject: [PATCH 2/2] Add xrefs --- .../autoscaling/apis/delete-autoscaling-policy.asciidoc | 3 ++- .../autoscaling/apis/put-autoscaling-policy.asciidoc | 3 ++- docs/reference/cluster/voting-exclusions.asciidoc | 3 ++- docs/reference/licensing/delete-license.asciidoc | 3 ++- docs/reference/licensing/update-license.asciidoc | 3 ++- .../snapshot-restore/apis/repo-analysis-api.asciidoc | 3 ++- x-pack/docs/en/security/using-ip-filtering.asciidoc | 5 +++-- 7 files changed, 15 insertions(+), 8 deletions(-) diff --git a/docs/reference/autoscaling/apis/delete-autoscaling-policy.asciidoc b/docs/reference/autoscaling/apis/delete-autoscaling-policy.asciidoc index 7f4a4be0fbb55..9aab77d2fc2da 100644 --- a/docs/reference/autoscaling/apis/delete-autoscaling-policy.asciidoc +++ b/docs/reference/autoscaling/apis/delete-autoscaling-policy.asciidoc @@ -41,7 +41,8 @@ DELETE /_autoscaling/policy/ `manage_autoscaling` <> to use this API. -* If the {operator-feature} is enabled, only operator users can use this API. +* If the <> is enabled, only operator +users can use this API. [[autoscaling-delete-autoscaling-policy-desc]] ==== {api-description-title} diff --git a/docs/reference/autoscaling/apis/put-autoscaling-policy.asciidoc b/docs/reference/autoscaling/apis/put-autoscaling-policy.asciidoc index 1a6410f1da536..32aded02a206c 100644 --- a/docs/reference/autoscaling/apis/put-autoscaling-policy.asciidoc +++ b/docs/reference/autoscaling/apis/put-autoscaling-policy.asciidoc @@ -43,7 +43,8 @@ DELETE /_autoscaling/policy/name `manage_autoscaling` <> to use this API. -* If the {operator-feature} is enabled, only operator users can use this API. +* If the <> is enabled, only operator +users can use this API. [[autoscaling-put-autoscaling-policy-desc]] ==== {api-description-title} diff --git a/docs/reference/cluster/voting-exclusions.asciidoc b/docs/reference/cluster/voting-exclusions.asciidoc index 7d2c58ec5ab7c..f08754a9aaf9f 100644 --- a/docs/reference/cluster/voting-exclusions.asciidoc +++ b/docs/reference/cluster/voting-exclusions.asciidoc @@ -23,7 +23,8 @@ Adds or removes master-eligible nodes from the * If the {es} {security-features} are enabled, you must have the `manage` <> to use this API. -* If the {operator-feature} is enabled, only operator users can use this API. +* If the <> is enabled, only operator +users can use this API. [[voting-config-exclusions-api-desc]] ==== {api-description-title} diff --git a/docs/reference/licensing/delete-license.asciidoc b/docs/reference/licensing/delete-license.asciidoc index 0bcb794b8fc01..97b12ece9ae5c 100644 --- a/docs/reference/licensing/delete-license.asciidoc +++ b/docs/reference/licensing/delete-license.asciidoc @@ -26,7 +26,8 @@ information, see * If the {es} {security-features} are enabled, you must have the `manage` <> to use this API. -* If the {operator-feature} is enabled, only operator users can use this API. +* If the <> is enabled, only operator +users can use this API. [discrete] ==== Examples diff --git a/docs/reference/licensing/update-license.asciidoc b/docs/reference/licensing/update-license.asciidoc index 73ed338e67527..6e52a129ac142 100644 --- a/docs/reference/licensing/update-license.asciidoc +++ b/docs/reference/licensing/update-license.asciidoc @@ -25,7 +25,8 @@ Updates the license for your {es} cluster. license, you must enable TLS on the transport networking layer before you install the license. See <>. -* If the {operator-feature} is enabled, only operator users can use this API. +* If the <> is enabled, only operator +users can use this API. [[update-license-api-desc]] ==== {api-description-title} diff --git a/docs/reference/snapshot-restore/apis/repo-analysis-api.asciidoc b/docs/reference/snapshot-restore/apis/repo-analysis-api.asciidoc index 0f30097010103..a48b56d24cc2a 100644 --- a/docs/reference/snapshot-restore/apis/repo-analysis-api.asciidoc +++ b/docs/reference/snapshot-restore/apis/repo-analysis-api.asciidoc @@ -39,7 +39,8 @@ POST /_snapshot/my_repository/_analyze?blob_count=10&max_blob_size=1mb&timeout=1 <> to use this API. For more information, see <>. -* If the {operator-feature} is enabled, only operator users can use this API. +* If the <> is enabled, only operator +users can use this API. [[repo-analysis-api-desc]] ==== {api-description-title} diff --git a/x-pack/docs/en/security/using-ip-filtering.asciidoc b/x-pack/docs/en/security/using-ip-filtering.asciidoc index 64bd35ece7948..c42cb3f1ca1cb 100644 --- a/x-pack/docs/en/security/using-ip-filtering.asciidoc +++ b/x-pack/docs/en/security/using-ip-filtering.asciidoc @@ -17,8 +17,9 @@ NOTE: Elasticsearch installations are not designed to be publicly accessible === Enabling IP filtering The {es} {security-features} contain an access control feature that allows or -rejects hosts, domains, or subnets. If the {operator-feature} is enabled, only -operator users can update these settings. +rejects hosts, domains, or subnets. If the +<> is enabled, only operator users can +update these settings. You configure IP filtering by specifying the `xpack.security.transport.filter.allow` and `xpack.security.transport.filter.deny` settings in `elasticsearch.yml`. Allow rules