But after setting an exclusion pattern (whitelist or blacklist) or even completely forbidding the creation, I'm still able to create an empty index with a simple PUT to the REST API.
Is that intended behavior or did I read the documentation wrong?
How to reproduce:
PUT _cluster/settings
{
  "persistent": {
    "action.auto_create_index": "false"
  }
}

PUT new_index_name
This was tested on the latest Elasticsearch download: stable 7.1.1 Windows
But we have seen this also in earlier versions and also when setting the value via yaml config.
P.S. The good news, when I try to do a PUT with a document, that seems to be properly forbidden.
This is the expected behaviour. action.auto_create_index is there to prevent Elasticsearch from automatically creating indices when asked to index documents into an index that doesn't currently exist. However PUT new_index_name is an explicit index creation, not an automatic one, so action.auto_create_index has no effect.
thank you for the super fast response and clarification.
So I did misunderstand the documentation.
(Maybe this can be added to the documentation?)
Is there a way to achieve this (white-list/black-list of allowed indices) even for explicit PUT commands? We are looking into this due to accidental PUTs of buggy scripts.
The docs you linked are specifically about indexing operations, i.e. operations on documents, and not about explicit index creation operations, so I think they make sense. But of course I'm used to them. If there's something you can think of that would have helped then please open a PR.
I think the best bet for preventing certain actions is to use Security, although I'm not the best person to ask about the details.
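An added example, not part of the original thread: one way to restrict explicit index creation with Security is a role that grants `create_index` only on an allowed name pattern, assigned to the account the scripts authenticate as. It assumes security is enabled on the cluster; the role name, user name, index pattern and password placeholder are hypothetical.

```console
# Assumption: xpack.security.enabled: true is set on every node.
# Hypothetical role: may create and write only indices matching app-logs-*.
PUT _security/role/script_writer
{
  "indices": [
    {
      "names": ["app-logs-*"],
      "privileges": ["create_index", "index", "read"]
    }
  ]
}

# Hypothetical account for the scripts; it holds only the role above.
PUT _security/user/script_runner
{
  "password": "<REPLACE_WITH_STRONG_PASSWORD>",
  "roles": ["script_writer"]
}

# Authenticated as script_runner:

# Matches the allowed pattern, so the explicit creation is authorized.
PUT app-logs-2019.06

# Outside the allowed pattern, so the request is rejected with
# HTTP 403 (security_exception) regardless of action.auto_create_index.
PUT new_index_name
```

The restriction only applies to accounts limited to such a role; a script that keeps running with superuser credentials can still create any index.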