At https://docs.search-guard.com/ there is version specific documentation for what is now known as Search Guard Classic. There is only one set of documentation for FLX. The lack of version specific documentation for FLX made me assume that the documentation is valid for all versions of FLX. But, as I’ve been working out how to switch an Elasticsearch 7 cluster from Classic to FLX, which means FLX 1.6.0, I have come to the realisation that the documentation for FLX is not accurate for 1.6.0. This is a realisation I have arrived at through time spent on things such as wondering why a user in the SGS_KIBANA_USER_NO_MT role cannot log in to Kibana.(*)
I find myself wondering if, when I do a major version upgrade of the Elasticsearch cluster to 8 which will mean using FLX 3.1.3, I am going to find myself working out that bits of the FLX documentation are wrong for that as well, because it’s only accurate for 4.0.0 or whatever the latest version of FLX is at that point.
Why isn’t there version specific documentation for FLX?
(*) I’ve worked out that SGS_KIBANA_USER_NO_MT doesn’t exist in 1.6.0. And that there is no validation of whether roles users are in exist when configuration is loaded with sgctl.sh. And the _searchguard/authinfo end point will show a user is in a role even if the role doesn’t exist.