Description
Summary
plugins.security.dfm_empty_overrides_all is currently not dynamically toggleable. Changing its value requires a node restart, which makes it harder for operators to safely test, roll out, or revert this behavior in running clusters.
It would be useful if this setting could be updated dynamically through the cluster settings API.
Problem
plugins.security.dfm_empty_overrides_all controls important behavior in document field masking resolution, but today it behaves like a static setting.
This creates a few operational issues:
- Operators cannot enable or disable the setting at runtime
- Testing behavior changes requires restarting nodes
- Rollback is slower and more disruptive than necessary
- Rolling out changes consistently across a live cluster is more cumbersome
For a setting that affects runtime authorization behavior, being able to toggle it dynamically would make the feature significantly easier to operate and validate.
Proposed change
Make plugins.security.dfm_empty_overrides_all a dynamic cluster setting so that it can be updated without requiring a restart.
At a high level, this would mean:
- registering the setting as dynamically updatable
- ensuring updated values are safely applied at runtime
- making the effective behavior consistent across the cluster after a cluster settings update
Expected behavior
Users should be able to update the setting with the cluster settings API, for example:
PUT _cluster/settings
{
  "persistent": {
    "plugins.security.dfm_empty_overrides_all": true
  }
}
and later disable it similarly without restarting nodes.
Acceptance criteria
- plugins.security.dfm_empty_overrides_all can be updated via the cluster settings API
- the updated value is applied at runtime without node restart
- behavior is consistent across nodes after the setting update is published
- tests cover enabling and disabling the setting dynamically
- documentation is updated to reflect that the setting is dynamic
Motivation
This would improve operability and make it easier for administrators to test, adopt, and roll back this behavior in production environments without disruptive restarts.
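The registration and runtime-apply steps listed under "Proposed change", sketched with OpenSearch's settings API as an added example (not code from the security plugin or from this issue). The class name `DfmEmptyOverridesAllFlag` is hypothetical and the `false` default is an assumption; the setting would also have to be returned from the plugin's `getSettings()` for the update consumer to be accepted.

```java
import org.opensearch.common.settings.ClusterSettings;
import org.opensearch.common.settings.Setting;
import org.opensearch.common.settings.Setting.Property;
import org.opensearch.common.settings.Settings;

/** Hypothetical holder for the flag; not the security plugin's actual class. */
public final class DfmEmptyOverridesAllFlag {

    // Property.Dynamic is what lets PUT _cluster/settings change the value
    // without a restart. The default of false is an assumption.
    public static final Setting<Boolean> DFM_EMPTY_OVERRIDES_ALL = Setting.boolSetting(
        "plugins.security.dfm_empty_overrides_all",
        false,
        Property.NodeScope,
        Property.Dynamic
    );

    // volatile: the value is written by the cluster-state applier thread and
    // read by request threads that evaluate DLS/FLS/field-masking rules.
    private volatile boolean enabled;

    public DfmEmptyOverridesAllFlag(Settings nodeSettings, ClusterSettings clusterSettings) {
        // Initial value from opensearch.yml or the default.
        this.enabled = DFM_EMPTY_OVERRIDES_ALL.get(nodeSettings);
        // Invoked on every node once an updated cluster state carrying the
        // new value has been applied there.
        clusterSettings.addSettingsUpdateConsumer(
            DFM_EMPTY_OVERRIDES_ALL,
            newValue -> this.enabled = newValue
        );
    }

    /** Read once per authorization decision so a single request sees one value. */
    public boolean isEnabled() {
        return enabled;
    }
}
```

Code that previously read the setting once at startup would take this holder instead, so a rollback through the cluster settings API takes effect on the next request each node evaluates.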