I’m trying to migrate a cluster from Elasticsearch 6 to 7 and am going through our custom roles and changing the action groups they use per Upgrading from 6.x to 7.x | Security for Elasticsearch | Search Guard
We have some roles which use an action group called INDEX. E.g.
    storage:
      cluster:
        - INDICES_MONITOR
        - CLUSTER_COMPOSITE_OPS
        - indices:data/read/scroll
        - indices:data/read/scroll/clear
      indices:
        'storage-*':
          '*':
            - READ
            - indices:monitor/settings/get
            - indices:admin/get
        '?kibana-storage':
          '*':
            - MANAGE
            - INDEX
            - READ
            - DELETE
INDEX is an action group which is defined by default in Search Guard 6. I double-checked it wasn’t something I or my colleagues had made by unzipping search-guard-6-6.8.22-25.6.zip and looking at sg_action_groups.yml, and it is there:
    mike@foo:tmp>unzip -q search-guard-6-6.8.22-25.6.zip
    mike@foo:tmp>grep -A7 ^INDEX: sgconfig/sg_action_groups.yml
    INDEX:
      readonly: true
      permissions:
        - "indices:data/write/index*"
        - "indices:data/write/update*"
        - "indices:admin/mapping/put"
        - "indices:data/write/bulk*"
    mike@foo:tmp>
But I cannot see INDEX mentioned at Upgrading from 6.x to 7.x | Security for Elasticsearch | Search Guard
Nor can I see it mentioned at Action Groups | Elasticsearch Security | Search Guard
Am I failing to see it or is it really not mentioned? And if it’s really not mentioned, then what do I do about this action group which is defined but undocumented?
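
An added example, not part of the original post and not Search Guard's own tooling: a small Python audit that reports, per role, each referenced action group that is absent from a list you supply for the target version, together with its Search Guard 6 definition so the underlying permissions are visible. The sample inputs are constructed from the snippets in the post; the `documented_in_target` set and the rule that an entry without `:` or `*` is a group name are assumptions.

```python
import re

# Constructed sample: the INDEX definition exactly as grep printed it in the post.
SG6_ACTION_GROUPS = '''\
INDEX:
  readonly: true
  permissions:
    - "indices:data/write/index*"
    - "indices:data/write/update*"
    - "indices:admin/mapping/put"
    - "indices:data/write/bulk*"
'''
# Constructed sample: part of the "storage" role from the post, re-indented.
SG6_ROLES = '''\
storage:
  indices:
    'storage-*':
      '*':
        - READ
        - indices:admin/get
    '?kibana-storage':
      '*':
        - MANAGE
        - INDEX
'''

TOP_KEY = re.compile(r'^([^\s#][^:]*):\s*$')
ITEM = re.compile(r'^\s*-\s*["\']?([^"\']+?)["\']?\s*$')

def list_items_by_top_key(text):
    """Line-based scan (no YAML library): {top-level key: [every list item under it]}."""
    found, current = {}, None
    for line in text.splitlines():
        if m := TOP_KEY.match(line):
            current = found.setdefault(m.group(1), [])
        elif (m := ITEM.match(line)) and current is not None:
            current.append(m.group(1))
    return found

def audit(roles_text, groups_text, documented_in_target):
    """Per role: each referenced group absent from the target list -> its SG6 permissions."""
    sg6 = list_items_by_top_key(groups_text)
    report = {}
    for role, items in list_items_by_top_key(roles_text).items():
        # Assumption: an entry without ':' or '*' is an action group name, not a raw permission.
        groups = [i for i in items if ':' not in i and '*' not in i]
        missing = {g: sg6.get(g) for g in groups if g not in documented_in_target}
        if missing:
            report[role] = missing
    return report

if __name__ == "__main__":
    # Hypothetical target list: fill in the groups you find documented for the new version.
    print(audit(SG6_ROLES, SG6_ACTION_GROUPS, {"READ", "MANAGE"}))
```

A group that maps to `None` in the report is referenced by a role but has no definition in the Search Guard 6 file that was scanned, which usually means it is a custom group defined elsewhere.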