Elasticsearch 7.1.1 and Searchguard 35.0.0, upgraded from ES 6.5.4.
The sgadmin “migrate” function fails on
internalusers with the following error - it appears that entries which included a “password” field, which was valid prior to 7.x, and cause no problems while in the
searchguard legacy index, fail validation when extracted by the migration function. This prevents any migration.
Will retrieve 'sg/internalusers' into .\sg_internal_users_2019-Jun-19_16-25-15.yml (legacy mode) ERR: Seems internalusers from cluster is not in legacy format: com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException: Unrecognized field "password" (class com.floragunn.searchguard.sgconf.impl.v6.InternalUserV6), not marked as ignorable (6 known properties: "readonly", "username", "attributes", "hidden", "roles", "hash"])
To work around this on my test cluster, I’m disabling searchguard and extracting the json for internalusers from the index to validate against my managed
sg_internal_users.yml file - I’m expecting that I can pre-emptively modify and load the file into other clusters prior to performing the 7.x upgrade, but once it’s in this state there seems to be no clean way to recover.