Update and document unmanaged user vars

README.md

@@ -455,6 +455,8 @@ In addition to es_config, the following parameters allow the customization of th
 * ```es_api_port``` The port used for actions requiring HTTP e.g. installing templates. Defaults to 9200. **CHANGE IF THE HTTP PORT IS NOT 9200**
 * ```es_api_basic_auth_username``` The Elasticsearch username for making admin changing actions. Used if Security is enabled. Ensure this user is admin.
 * ```es_api_basic_auth_password``` The password associated with the user declared in `es_api_basic_auth_username`
+* `es_delete_unmanaged_file` Default `true`. Set to false to keep file realm users that have been added outside of ansible.
+* `es_delete_unmanaged_native` Default `true`. Set to false to keep native realm users that have been added outside of ansible.
 * ```es_start_service``` (true (default) or false)
 * ```es_plugins_reinstall``` (true or false (default) )
 * ```es_plugins``` an array of plugin definitions e.g.:

defaults/main.yml

@@ -62,5 +62,5 @@ es_ssl_certificate_authority: ""
 es_ssl_certificate_path: "{{ es_conf_dir }}/certs"
 es_ssl_verification_mode: "certificate"
 es_validate_certs: "yes"
-delete_unmanaged_file: true
+es_delete_unmanaged_file: true
-delete_unmanaged_native: true
+es_delete_unmanaged_native: true

tasks/xpack/security/elasticsearch-security-file.yml

@@ -33,7 +33,7 @@
 
 - name: set fact users_to_remove
   set_fact: users_to_remove={{ current_file_users.stdout_lines | difference (es_users.file.keys() | list) }}
-  when: manage_file_users and delete_unmanaged_file
+  when: manage_file_users and es_delete_unmanaged_file
 
 #Remove users
 - name: Remove Users
@@ -49,7 +49,7 @@
 
 - name: set fact users_to_add
   set_fact: users_to_add={{ es_users.file.keys() | list | difference (current_file_users.stdout_lines) }}
-  when: manage_file_users and delete_unmanaged_file
+  when: manage_file_users and es_delete_unmanaged_file
 
 #Add users
 - name: Add Users

tasks/xpack/security/elasticsearch-security-native.yml

@@ -82,7 +82,7 @@
     password: "{{es_api_basic_auth_password}}"
     force_basic_auth: yes
     validate_certs: "{{ es_validate_certs }}"
-  when: manage_native_users and delete_unmanaged_native
+  when: manage_native_users and es_delete_unmanaged_native
   with_items: "{{ users_to_remove | default([]) }}"
 
 - name: set fact users_to_ignore
@@ -178,7 +178,7 @@
     password: "{{es_api_basic_auth_password}}"
     force_basic_auth: yes
     validate_certs: "{{ es_validate_certs }}"
-  when: manage_native_roles  and delete_unmanaged_native
+  when: manage_native_roles  and es_delete_unmanaged_native
   with_items: "{{roles_to_remove | default([]) }}"
 
 - name: set fact roles_to_modify