(DOCSP-10145): Disable auth with spec.security.authentication.enabled (#271)

* (DOCSP-10145): Disable auth with spec.security.authentication.enabled

* Tech review

* Copy review

Author: melissamahoney-mongodb

source/includes/options-k8s-replica-set.yaml

@@ -324,6 +324,13 @@ inherit:
   file: options-k8s-shared.yaml
 ---
 program: k8sRsConf
+name: spec.security.authentication
+inherit:
+  name: spec.security.authentication
+  program: _shared
+  file: options-k8s-shared.yaml
+---
+program: k8sRsConf
 name: spec.security.authentication.internalCluster
 inherit:
   name: spec.security.authentication.internalCluster

source/includes/options-k8s-shared.yaml

@@ -526,14 +526,29 @@ description: |
   Provide the name of the |k8s-secret| that store the |certauth|.
 ---
 program: _shared
+name: spec.security.authentication
+type: collection
+directive: setting
+optional: true
+description: |
+  Authentication specifications for your MongoDB deployment.
+---
+program: _shared
 name: spec.security.authentication.modes
 type: array
 directive: setting
 optional: true
 description: |
-  Set to ``["X509"]`` to enable
-  :ref:`X.509 internal cluster authentication
-  <x509-internal-authentication>` for the |com| project.
+  Specifies the authentication mechanism that your MongoDB deployment 
+  uses. Valid values are ``SCRAM`` and ``X509``.
+
+  To enable :ref:`X.509 internal cluster authentication
+  <x509-internal-authentication>` for the |com| project, set this value
+  to ``["X509"]`` and specify the following settings:
+
+  - :setting:`spec.security.authentication.internalCluster` ``: "X509"``
+  - :setting:`spec.security.tls.enabled` ``: true``
+
 ---
 program: _shared
 name: spec.security.authentication.enabled
@@ -542,8 +557,11 @@ directive: setting
 optional: true
 default: "``false``"
 description: |
-  Specifies whether x.509 authentication is enabled on the |com|
-  project.
+  Specifies whether authentication is enabled on the |com|
+  project. Requires that you set an authentication mechanism in 
+  :setting:`spec.security.authentication.modes`.
+
+  To disable authentication in |com|, explicitly set to ``false``.
 ---
 program: _shared
 name: spec.security.authentication.ignoreUnknownUsers
@@ -555,8 +573,7 @@ description: |
   Determines whether you can modify database users that were not
   configured through the |k8s-op-short| or the |com| UI. 
   
-  Set to ``true`` if you need to manage database users directly through
-  the |mongod| or |mongos|.
+  To manage database users directly through the |mongod| or |mongos|, set to ``true``.
 ---
 program: _shared
 name: spec.additionalMongodConfig.net.ssl.mode
@@ -576,9 +593,14 @@ type: string
 directive: setting
 optional: true
 description: |
-  Set to ``X509`` to enable :ref:`X.509 internal cluster authentication
-  <x509-internal-authentication>`. Requires |tls| on the resource by
-  setting :setting:`spec.security.tls.enabled` to ``true``.
+  Specifies whether :ref:`X.509 internal cluster authentication
+  <x509-internal-authentication>` is enabled.
+
+  To enable X.509 internal cluster authentication, set to ``"X509"``.
+  Requires that the following settings be specified:
+  
+  - :setting:`spec.security.authentication.modes` ``: ["X509"]``
+  - :setting:`spec.security.tls.enabled` ``: true``
 
   .. important::
 

source/reference/k8s-operator-specification.txt

@@ -203,6 +203,7 @@ cluster resource types:
 .. include:: /includes/option/setting-k8sRsConf-spec.security.tls.enabled.rst
 .. include:: /includes/option/setting-k8sRsConf-spec.security.tls.ca.rst
 .. include:: /includes/option/setting-k8sRsConf-spec.additionalMongodConfig.net.ssl.mode.rst
+.. include:: /includes/option/setting-k8sRsConf-spec.security.authentication.rst
 .. include:: /includes/option/setting-k8sRsConf-spec.security.authentication.enabled.rst
 .. include:: /includes/option/setting-k8sRsConf-spec.security.authentication.modes.rst
 .. include:: /includes/option/setting-k8sRsConf-spec.security.authentication.internalCluster.rst