[6.3][DOCS] Adds security content in Elasticsearch Reference

docs/reference/index.asciidoc

@@ -59,9 +59,9 @@ include::monitoring/index.asciidoc[]
 
 include::rollup/index.asciidoc[]
 
-include::{xes-repo-dir}/watcher/index.asciidoc[]
+include::{xes-repo-dir}/security/index.asciidoc[]
 
-include::security/index.asciidoc[]
+include::{xes-repo-dir}/watcher/index.asciidoc[]
 
 include::rest-api/index.asciidoc[]
 

docs/reference/monitoring/production.asciidoc

@@ -52,6 +52,7 @@ POST /_xpack/security/user/remote_monitor
 }
 ---------------------------------------------------------------
 // CONSOLE
+//TEST[skip:license-requirements]
 --
 
 . Configure each {es} node in the cluster you are
@@ -140,6 +141,7 @@ POST /_xpack/security/user/stack-monitor
 }
 --------------------------------------------------
 // CONSOLE
+//TEST[skip:license-requirements]
 
 //image:images/monitoring.jpg["Monitoring",link="images/monitoring.jpg"]
 --

x-pack/docs/en/security/auditing/event-types.asciidoc

@@ -16,7 +16,7 @@ The following is a list of the events that can be generated:
                                           realm type.
 | `access_denied`                   | | | Logged when an authenticated user attempts to execute
                                           an action they do not have the necessary
-                                          <<security-reference, privilege>> to perform.
+                                          <<security-privileges,privilege>> to perform.
 | `access_granted`                  | | | Logged when an authenticated user attempts to execute
                                           an action they have the necessary privilege to perform.
                                           When the `system_access_granted` event is included, all system
@@ -26,7 +26,7 @@ The following is a list of the events that can be generated:
                                           another user that they have the necessary privileges to do.
 | `run_as_denied`                   | | | Logged when an authenticated user attempts to <<run-as-privilege, run as>>
                                           another user action they do not have the necessary
-                                          <<security-reference, privilege>> to do so.
+                                          <<security-privileges,privilege>> to do so.
 | `tampered_request`                | | | Logged when {security} detects that the request has
                                           been tampered with. Typically relates to `search/scroll`
                                           requests when the scroll ID is believed to have been

x-pack/docs/en/security/auditing/index.asciidoc

@@ -1,14 +1,5 @@
-:edit_url: https://github.com/elastic/elasticsearch/edit/{branch}/x-pack/docs/en/security/auditing/overview.asciidoc
 include::overview.asciidoc[]
-
-:edit_url: https://github.com/elastic/elasticsearch/edit/{branch}/x-pack/docs/en/security/auditing/event-types.asciidoc
 include::event-types.asciidoc[]
-
-:edit_url: https://github.com/elastic/elasticsearch/edit/{branch}/x-pack/docs/en/security/auditing/output-logfile.asciidoc
 include::output-logfile.asciidoc[]
-
-:edit_url: https://github.com/elastic/elasticsearch/edit/{branch}/x-pack/docs/en/security/auditing/output-index.asciidoc
 include::output-index.asciidoc[]
-
-:edit_url: https://github.com/elastic/elasticsearch/edit/{branch}/x-pack/docs/en/security/auditing/forwarding-logs.asciidoc
 include::forwarding-logs.asciidoc[]

x-pack/docs/en/security/authentication/file-realm.asciidoc

@@ -19,9 +19,9 @@ IMPORTANT: When you configure realms in `elasticsearch.yml`, only the
 realms you specify are used for authentication. To use the
 `file` realm as a fallback, you must include it in the realm chain.
 
-To define users, {security} provides the {ref}/users-command.html[users]
+To define users, {security} provides the <<users-command,users>>
 command-line tool. This tool enables you to add and remove users, assign user
 roles, and manage user passwords.
 
 For more information, see 
-{ref}/configuring-file-realm.html[Configuring a file realm].
+<<configuring-file-realm>>.

x-pack/docs/en/security/authentication/index.asciidoc

@@ -9,11 +9,7 @@ include::ldap-realm.asciidoc[]
 include::native-realm.asciidoc[]
 include::pki-realm.asciidoc[]
 include::saml-realm.asciidoc[]
-
-include::{xes-repo-dir}/security/authentication/custom-realm.asciidoc[]
-
-include::{xes-repo-dir}/security/authentication/anonymous-access.asciidoc[]
-
-include::{xes-repo-dir}/security/authentication/user-cache.asciidoc[]
-
-include::{xes-repo-dir}/security/authentication/saml-guide.asciidoc[]
+include::custom-realm.asciidoc[]
+include::anonymous-access.asciidoc[]
+include::user-cache.asciidoc[]
+include::saml-guide.asciidoc[]

x-pack/docs/en/security/authorization/index.asciidoc

@@ -1,22 +1,12 @@
 
 include::overview.asciidoc[]
-
 include::built-in-roles.asciidoc[]
-
-include::{xes-repo-dir}/security/authorization/managing-roles.asciidoc[]
-
+include::managing-roles.asciidoc[]
 include::privileges.asciidoc[]
-
 include::document-level-security.asciidoc[]
-
 include::field-level-security.asciidoc[]
-
-include::{xes-repo-dir}/security/authorization/alias-privileges.asciidoc[]
-
-include::{xes-repo-dir}/security/authorization/mapping-roles.asciidoc[]
-
-include::{xes-repo-dir}/security/authorization/field-and-document-access-control.asciidoc[]
-
-include::{xes-repo-dir}/security/authorization/run-as-privilege.asciidoc[]
-
-include::{xes-repo-dir}/security/authorization/custom-roles-provider.asciidoc[]
+include::alias-privileges.asciidoc[]
+include::mapping-roles.asciidoc[]
+include::field-and-document-access-control.asciidoc[]
+include::run-as-privilege.asciidoc[]
+include::custom-roles-provider.asciidoc[]

x-pack/docs/en/security/authorization/mapping-roles.asciidoc

@@ -4,7 +4,7 @@
 
 If you authenticate users with the `native` or `file` realms, you can manage
 role assignment by using the <<managing-native-users, User Management APIs>> or
-the {ref}/users-command.html[users] command-line tool respectively.
+the <<users-command,users>> command-line tool respectively.
 
 For other types of realms, you must create _role-mappings_ that define which
 roles should be assigned to each user based on their username, groups, or
@@ -18,7 +18,7 @@ the API, and other roles that are mapped through files.
 
 When you use role-mappings, you assign existing roles to users.
 The available roles should either be added using the
-{ref}/security-api.html#security-role-apis[role management APIs] or defined in the
+<<security-role-apis,role management APIs>> or defined in the
 <<roles-management-file, roles file>>. Either role-mapping method can use
 either role management method. For example, when you use the role mapping API,
 you are able to map users to both API-managed roles and file-managed roles
@@ -28,7 +28,7 @@ you are able to map users to both API-managed roles and file-managed roles
 ==== Using the role mapping API
 
 You can define role-mappings through the
-{ref}/security-api-put-role-mapping.html[add role mapping API].
+<<security-api-put-role-mapping,add role mapping API>>.
 
 [[mapping-roles-file]]
 ==== Using role mapping files
@@ -41,9 +41,9 @@ By default, role mappings are stored in `ES_PATH_CONF/role_mapping.yml`,
 where `ES_PATH_CONF` is `ES_HOME/config` (zip/tar installations) or
 `/etc/elasticsearch` (package installations). To specify a different location,
 you configure the `files.role_mapping` setting in the 
-{ref}/security-settings.html#ref-ad-settings[Active Directory], 
-{ref}/security-settings.html#ref-ldap-settings[LDAP], and 
-{ref}/security-settings.html#ref-pki-settings[PKI] realm settings in 
+<<ref-ad-settings,Active Directory>>, 
+<<ref-ldap-settings,LDAP>>, and 
+<<ref-pki-settings,PKI>> realm settings in 
 `elasticsearch.yml`.
 
 Within the role mapping file, the security roles are keys and groups and users

x-pack/docs/en/security/configuring-es.asciidoc

@@ -2,14 +2,13 @@
 [[configuring-security]]
 == Configuring security in {es}
 ++++
-<titleabbrev>Configuring Security</titleabbrev>
+<titleabbrev>Configuring security</titleabbrev>
 ++++
 
 {security} enables you to easily secure a cluster. With {security}, you can
 password-protect your data as well as implement more advanced security measures
 such as encrypting communications, role-based access control, IP filtering, and
-auditing. For more information, see
-{xpack-ref}/xpack-security.html[Securing the Elastic Stack].
+auditing. 
 
 To use {security} in {es}:
 
@@ -20,12 +19,12 @@ If you want to try all of the {xpack} features, you can start a 30-day trial. At
 the end of the trial period, you can purchase a subscription to keep using the
 full functionality of the {xpack} components. For more information, see
 https://www.elastic.co/subscriptions and
-{xpack-ref}/license-management.html[License Management].
+{stack-ov}/license-management.html[License management].
 --
 
 . Verify that the `xpack.security.enabled` setting is `true` on each node in
 your cluster. If you are using a trial license, the default value is `false`.
-For more information, see {ref}/security-settings.html[Security Settings in {es}].
+For more information, see <<security-settings>>.
 
 . Configure Transport Layer Security (TLS/SSL) for internode-communication.
 +
@@ -34,20 +33,20 @@ NOTE: This requirement applies to clusters with more than one node and to
 clusters with a single node that listens on an external interface. Single-node
 clusters that use a loopback interface do not have this requirement.  For more
 information, see
-{xpack-ref}/encrypting-communications.html[Encrypting Communications].
+<<encrypting-communications>>.
 
 --
 .. <<node-certificates,Generate node certificates for each of your {es} nodes>>.
 
-.. <<tls-transport, Enable TLS on each {es} node>>.
+.. <<tls-transport,Enable TLS on each {es} node>>.
 
 . If it is not already running, start {es}.
 
 . Set the passwords for all built-in users.
 +
 --
 {security} provides
-{stack-ov}/built-in-users.html[built-in users] to
+<<built-in-users,built-in users>> to
 help you get up and running. The +elasticsearch-setup-passwords+ command is the
 simplest method to set the built-in users' passwords for the first time.
 
@@ -121,7 +120,7 @@ curl -XPOST -u elastic 'localhost:9200/_xpack/security/user/johndoe' -H "Content
 xpack.security.audit.enabled: true
 ----------------------------
 +
-For more information, see {xpack-ref}/auditing.html[Auditing Security Events] 
+For more information, see <<auditing>>
 and <<auditing-settings>>. 
 
 .. Restart {es}.
@@ -131,28 +130,15 @@ By default, events are logged to a dedicated `elasticsearch-access.log` file in
 easier analysis and control what events are logged. 
 --
 
-:edit_url: https://github.com/elastic/elasticsearch/edit/{branch}/docs/reference/security/securing-communications/securing-elasticsearch.asciidoc
-include::{es-repo-dir}/security/securing-communications/securing-elasticsearch.asciidoc[]
-
-:edit_url: https://github.com/elastic/elasticsearch/edit/{branch}/docs/reference/security/securing-communications/configuring-tls-docker.asciidoc
-include::{es-repo-dir}/security/securing-communications/configuring-tls-docker.asciidoc[]
-
-:edit_url: https://github.com/elastic/elasticsearch/edit/{branch}/docs/reference/security/securing-communications/enabling-cipher-suites.asciidoc
-include::{es-repo-dir}/security/securing-communications/enabling-cipher-suites.asciidoc[]
-
-:edit_url: https://github.com/elastic/elasticsearch/edit/{branch}/docs/reference/security/securing-communications/separating-node-client-traffic.asciidoc
-include::{es-repo-dir}/security/securing-communications/separating-node-client-traffic.asciidoc[]
-
-:edit_url:
+include::securing-communications/securing-elasticsearch.asciidoc[]
+include::securing-communications/configuring-tls-docker.asciidoc[]
+include::securing-communications/enabling-cipher-suites.asciidoc[]
+include::securing-communications/separating-node-client-traffic.asciidoc[]
 include::authentication/configuring-active-directory-realm.asciidoc[]
 include::authentication/configuring-file-realm.asciidoc[]
 include::authentication/configuring-ldap-realm.asciidoc[]
 include::authentication/configuring-native-realm.asciidoc[]
 include::authentication/configuring-pki-realm.asciidoc[]
 include::authentication/configuring-saml-realm.asciidoc[]
-
-:edit_url: https://github.com/elastic/elasticsearch/edit/{branch}/docs/reference/settings/security-settings.asciidoc
 include::{es-repo-dir}/settings/security-settings.asciidoc[]
-
-:edit_url: https://github.com/elastic/elasticsearch/edit/{branch}/docs/reference/settings/audit-settings.asciidoc
 include::{es-repo-dir}/settings/audit-settings.asciidoc[]

x-pack/docs/en/security/get-started-builtin-users.asciidoc

@@ -12,7 +12,7 @@ the following command from the {es} directory:
 ./bin/elasticsearch
 ----------------------------------------------------------------------
 
-See {ref}/starting-elasticsearch.html[Starting {es}].
+See <<starting-elasticsearch>>.
 --
 
 . Set the built-in users' passwords. Run the following command from the {es} 

x-pack/docs/en/security/get-started-enable-security.asciidoc

@@ -7,7 +7,7 @@ line. See {kibana-ref}/start-stop.html[Starting and stopping {kib}].
 
 . Stop {es}. For example, if you installed {es} from an archive distribution, 
 enter `Ctrl-C` on the command line. See 
-{ref}/stopping-elasticsearch.html[Stopping {es}].
+<<stopping-elasticsearch>>.
 
 . Add the `xpack.security.enabled` setting to the 
 `ES_PATH_CONF/elasticsearch.yml` file. 
@@ -17,7 +17,7 @@ TIP: The `ES_PATH_CONF` environment variable contains the path for the {es}
 configuration files. If you installed {es} using archive distributions (`zip` or 
 `tar.gz`), it defaults to `ES_HOME/config`. If you used package distributions 
 (Debian or RPM), it defaults to `/etc/elasticsearch`. For more information, see 
-{ref}/settings.html[Configuring {es}].  
+<<settings>>.  
 
 For example, add the following setting:
 

x-pack/docs/en/security/get-started-security.asciidoc

@@ -27,7 +27,7 @@ example, http://127.0.0.1:5601[http://127.0.0.1:5601].
 [[get-started-license]]
 === Install a trial license
 
-include::{docdir}/get-started-trial.asciidoc[]
+include::get-started-trial.asciidoc[]
 
 [role="xpack"]
 [[get-started-enable-security]]
@@ -328,15 +328,15 @@ using the native realm. You learned how to create user IDs and roles that
 prevent unauthorized access to the {stack}. 
 
 Next, you'll want to try other features that are unlocked by your trial license, 
-such as {ml}. See <<ml-getting-started,Getting started with {ml}>>. 
+such as {ml}. See {stack-ov}/ml-getting-started.html[Getting started with {ml}]. 
 
 Later, when you're ready to increase the number of nodes in your cluster or set 
 up an production environment, you'll want to encrypt communications across the 
 {stack}. To learn how, read <<encrypting-communications>>. 
 
 For more detailed information about securing the {stack}, see:
 
-* {ref}/configuring-security.html[Configuring security in {es}]. Encrypt 
+* <<configuring-security,Configuring security in {es}>>. Encrypt 
 inter-node communications, set passwords for the built-in users, and manage your 
 users and roles.  
 

x-pack/docs/en/security/get-started-trial.asciidoc

@@ -17,5 +17,5 @@ major version, you cannot start a new trial. For example, if you have already
 activated a trial for v6.0, you cannot start a new trial until v7.0.
 
 At the end of the trial period, the platinum features operate in a 
-<<license-expiration,degraded mode>>. You can revert to a basic license, extend 
+{stack-ov}/license-expiration.html[degraded mode]. You can revert to a basic license, extend 
 the trial, or purchase a subscription.