a9s Search SPI Configuration
This document describes a9s Search SPI configuration.
Custom Parameter Configuration
The a9s Search SPI handles custom parameters for all service instances. It does configuration and validation of custom parameters.
The a9s Search SPI defines default values for certain custom parameters. Also, it defines whether a custom parameter can be set by the application developer.
The platform operator can overwrite those choices by changing the a9s Search
SPI configuration. The platform operator has to configure the property
opensearch-spi.service_instance.custom_param_config
. The property
value must be a hash. Every key in that hash stands for a custom parameter and
the value for every key contains the configuration for that particular
parameter. The configuration for a particular param is a hash consisting of
the following optional keys: default_value
and modifiable
.
The key default_value
specifies the default value for that parameter and
modifiable
specifies whether the application developer is allowed to
set that custom parameter. For example:
opensearch-spi:
service_instance:
custom_param_config:
tls-protocols:
default_value: ['TLSv1.2', 'TLSv1.3']
modifiable: true
Default Custom Parameter Configuration
The following table contains custom parameters that are configurable by the platform operator. The meaning of those custom parameters can be found below.
Name | Default value | Is modifiable |
---|---|---|
tls-protocols | null | true |
tls-ciphers | null | true |
plugins | null | true |
tls-protocols
The parameter tls-protocols
maps to the OpenSearch's configuration
parameter plugins.security.ssl.http.enabled_protocols
, see
Limiting TLS Protocols Used by the Server.
Because it is insecure, the OpenSearch security plugin disables TLSv1
by default.
The value for tls-protocols
must be an array with the values TLSv1.3
and/or TLSv1.2
.
Only Java format is supported.
tls-ciphers
The parameter tls-ciphers
maps to the OpenSearch's configuration
parameter plugins.security.ssl.http.enabled_ciphers
,
see Configuring Cipher Suites.
The value for tls-ciphers
must be an array of strings that list the cipher names. Only Java format is supported.
a9s Search SPI does no validation for the tls-ciphers
value except that
it must be an array of strings or null
.
Example Configuration
The following is an example for the default custom parameter configuration.
The default value for the custom parameter tls-protocols
is TLSv1.3
.
Additionally, the application developer should not be
allowed to change it.
Then the configuration must look the following way:
opensearch-spi:
service_instance:
custom_param_config:
tls-protocols:
default_value: ['TLSv1.3']
modifiable: false
Per Plan Configuration
Take a look at Service Plans documentation if you want to configure the custom parameters per plan.
Notes
Additional custom parameters will be made available over time. We do not make all available custom parameters the SPIs knows available to the platform operator from the beginning.
During the SPI startup, the configuration the platform operator made will be checked. When it's invalid, the SPI will not start up.
opensearch-spi.protocols
For more details on this property, please refer to the a9s Framework TLS configuration documentation.