Overview

Cloudera CDP IAM is a web service that you can use to manage users and user permissions under your CDP account.

Version information

Version : 0.9.128 (BETA)

License information

URI scheme

Schemes : HTTPS

Consumes

  • application/json

Produces

  • application/json

Paths

Add a machine user to group.

POST /iam/addMachineUserToGroup

Description

Add a machine user to a group.

Parameters

Type Name Schema

Body

input
required

Responses

HTTP Code Description Schema

200

Expected response to a valid request.

default

The default response on an error.

Adds an SSH public key for an actor.

POST /iam/addSshPublicKey

Description

Adds an SSH public key for an actor. The private key that corresponds to this public key can be used to SSH into any workload cluster that the actor is authorized to use.

Parameters

Type Name Schema

Body

input
required

Responses

HTTP Code Description Schema

200

Expected response to a valid request.

default

The default response on an error.

Add a user to a group.

POST /iam/addUserToGroup

Description

Add a user to group.

Parameters

Type Name Schema

Body

input
required

Responses

HTTP Code Description Schema

200

Expected response to a valid request.

default

The default response on an error.

Assign an Azure cloud identity to an actor or group.

POST /iam/assignAzureCloudIdentity

Description

Assign an Azure cloud identity, i.e. an object ID (OID), to an actor or group.

Parameters

Type Name Schema

Body

input
required

Responses

HTTP Code Description Schema

200

Expected response to a valid request.

default

The default response on an error.

Assign a resource role to a group.

POST /iam/assignGroupResourceRole

Description

Assign a resource role to a group. If the resource role is already assigned to the group the request will fail.

Parameters

Type Name Schema

Body

input
required

Responses

HTTP Code Description Schema

200

Expected response to a valid request.

default

The default response on an error.

Assign a role to a group.

POST /iam/assignGroupRole

Description

Assign a role to a group. If the role is already assigned to the group the request will fail.

Parameters

Type Name Schema

Body

input
required

Responses

HTTP Code Description Schema

200

Expected response to a valid request.

default

The default response on an error.

Assign a resource role to a machine user.

POST /iam/assignMachineUserResourceRole

Description

Assign a resource role to a machine user. If the resource role is already assigned to the machine user the request will fail.

Parameters

Type Name Schema

Body

input
required

Responses

HTTP Code Description Schema

200

Expected response to a valid request.

default

The default response on an error.

Assign a role to a machine user.

POST /iam/assignMachineUserRole

Description

Assign a role to a machine user. If the role is already assigned to the machine user the request will fail.

Parameters

Type Name Schema

Body

input
required

Responses

HTTP Code Description Schema

200

Expected response to a valid request.

default

The default response on an error.

Assign an Azure cloud identity to a service principal.

POST /iam/assignServicePrincipalAzureCloudIdentity

Description

Assign an Azure cloud identity, i.e. an object ID (OID), to a service principal.

Parameters

Type Name Schema

Body

input
required

Responses

HTTP Code Description Schema

200

Expected response to a valid request.

default

The default response on an error.

Assign a resource role to a user.

POST /iam/assignUserResourceRole

Description

Assign a resource role to a user. If the resource role is already assigned to the user the request will fail.

Parameters

Type Name Schema

Body

input
required

Responses

HTTP Code Description Schema

200

Expected response to a valid request.

default

The default response on an error.

Assign a role to a user.

POST /iam/assignUserRole

Description

Assign a role to a user. If the role is already assigned to the user the request will fail.

Parameters

Type Name Schema

Body

input
required

Responses

HTTP Code Description Schema

200

Expected response to a valid request.

default

The default response on an error.

Create a group.

POST /iam/createGroup

Description

Create a group. A group is a named collection of users and machine users. Roles and resource roles can be assigned to a group impacting all members of the group.

Parameters

Type Name Schema

Body

input
required

Responses

HTTP Code Description Schema

200

Expected response to a valid request.

default

The default response on an error.

Create a machine user.

POST /iam/createMachineUser

Description

Creates a machine user in the account. A machine user can be used to access CDP API. A machine user can have access keys associated with it and can be assigned roles and resource roles. A machine user cannot login to the CDP console.

Parameters

Type Name Schema

Body

input
required

Responses

HTTP Code Description Schema

200

Expected response to a valid request.

default

The default response on an error.

Creates a new access key for a machine user.

POST /iam/createMachineUserAccessKey

Description

Creates a new access key for a machine user.

Parameters

Type Name Schema

Body

input
required

Responses

HTTP Code Description Schema

200

Expected response to a valid request.

default

The default response on an error.

Creates a SAML provider in CDP.

POST /iam/createSamlProvider

Description

Creates a SAML provider in CDP.

Parameters

Type Name Schema

Body

input
required

Responses

HTTP Code Description Schema

200

Expected response to a valid request.

default

The default response on an error.

Creates a SCIM access token for a SCIM enabled identity provider.

POST /iam/createScimAccessToken

Description

Creates a SCIM access token for a SCIM enabled identity provider. This token is used to authenticate requests sent to the SCIM endpoints. This operation is not supported for Cloudera for Government.

Parameters

Type Name Schema

Body

input
required

Responses

HTTP Code Description Schema

200

Expected response to a valid request.

default

The default response on an error.

Creates a user in CDP.

POST /iam/createUser

Description

Creates a user in CDP.

Parameters

Type Name Schema

Body

input
required

Responses

HTTP Code Description Schema

200

Expected response to a valid request.

default

The default response on an error.

Creates a new access key for a user.

POST /iam/createUserAccessKey

Description

Creates a new access key for a user.

Parameters

Type Name Schema

Body

input
required

Responses

HTTP Code Description Schema

200

Expected response to a valid request.

default

The default response on an error.

Deletes an access key.

POST /iam/deleteAccessKey

Description

Deletes an access key.

Parameters

Type Name Schema

Body

input
required

Responses

HTTP Code Description Schema

200

Expected response to a valid request.

default

The default response on an error.

Delete a group.

POST /iam/deleteGroup

Description

Delete a group.

Parameters

Type Name Schema

Body

input
required

Responses

HTTP Code Description Schema

200

Expected response to a valid request.

default

The default response on an error.

Delete a machine user.

POST /iam/deleteMachineUser

Description

Deletes a machine user. This includes deleting all associated access keys and unassigning all roles and resource roles assigned to the machine user. The machine user is also removed from all groups it belongs to. If the call succeeds the machine user will not be able to use any access keys to access the CDP control plane. Note that user-sync is not triggered yet by this call and the caller must trigger that to ensure that the machine user loses access to all environments as soon as possible.

Parameters

Type Name Schema

Body

input
required

Responses

HTTP Code Description Schema

200

Expected response to a valid request.

default

The default response on an error.

Deletes a SAML provider in CDP account.

POST /iam/deleteSamlProvider

Description

Deletes a SAML provider in CDP account.

Parameters

Type Name Schema

Body

input
required

Responses

HTTP Code Description Schema

200

Expected response to a valid request.

default

The default response on an error.

Deletes a SCIM access token.

POST /iam/deleteScimAccessToken

Description

Deletes a SCIM access token. This operation is not supported for Cloudera for Government.

Parameters

Type Name Schema

Body

input
required

Responses

HTTP Code Description Schema

200

Expected response to a valid request.

default

The default response on an error.

Deletes an SSH public key for an actor.

POST /iam/deleteSshPublicKey

Description

Delete an SSH public key for an actor.

Parameters

Type Name Schema

Body

input
required

Responses

HTTP Code Description Schema

200

Expected response to a valid request.

default

The default response on an error.

Deletes a user and all associated resources.

POST /iam/deleteUser

Description

Deletes a user. This includes deleting all associated access keys and unassigning all roles and resource roles assigned to the user. The user is also removed from all groups it belongs to. If the call succeeds the user will not be able to login interactively, or use any access keys to access the CDP control plane. This feature is under development and some resources may be left behind after a successful call. Note that user-sync is not triggered yet by this call and the caller must trigger that to ensure that the user loses access to all environments as soon as possible.

Parameters

Type Name Schema

Body

input
required

Responses

HTTP Code Description Schema

200

Expected response to a valid request.

default

The default response on an error.

Describes one SAML provider.

POST /iam/describeSamlProvider

Description

Describes one SAML provider.

Parameters

Type Name Schema

Body

input
required

Responses

HTTP Code Description Schema

200

Expected response to a valid request.

default

The default response on an error.

Describes an SSH public key for an actor.

POST /iam/describeSshPublicKey

Description

Describe an SSH public key for an actor.

Parameters

Type Name Schema

Body

input
required

Responses

HTTP Code Description Schema

200

Expected response to a valid request.

default

The default response on an error.

Disables interactive login using Cloudera SSO for this account.

POST /iam/disableClouderaSSOLogin

Description

Disables interactive login using Cloudera SSO for this account. When disabled, only users who are designated account administrators will be able to use Cloudera SSO to interactively login to the CDP account. All other users will only be able to interactively login using SAML providers defined for the account. This is a no-op if login using Cloudera SSO are already disabled.

Parameters

Type Name Schema

Body

input
required

Responses

HTTP Code Description Schema

200

Expected response to a valid request.

default

The default response on an error.

Enables interactive login using Cloudera SSO for this account.

POST /iam/enableClouderaSSOLogin

Description

Enables interactive login using Cloudera SSO for this account. This is a no-op if login using Cloudera SSO are already enabled.

Parameters

Type Name Schema

Body

input
required

Responses

HTTP Code Description Schema

200

Expected response to a valid request.

default

The default response on an error.

Generates an authentication token for workload APIs.

POST /iam/generateWorkloadAuthToken

Description

Generates an authentication token which is required for sending requests to workload APIs.

Parameters

Type Name Schema

Body

input
required

Responses

HTTP Code Description Schema

200

Expected response to a valid request.

default

The default response on an error.

Gets information on an access key.

POST /iam/getAccessKey

Description

Gets information on an access key. If no access key ID is specified. Information on the access key used to make the request is returned.

Parameters

Type Name Schema

Body

input
required

Responses

HTTP Code Description Schema

200

Expected response to a valid request.

default

The default response on an error.

Retrieves information about the CDP account.

POST /iam/getAccount

Description

Retrieves information about the CDP account.

Parameters

Type Name Schema

Body

input
required

Responses

HTTP Code Description Schema

200

Expected response to a valid request.

default

The default response on an error.

Get account messages.

POST /iam/getAccountMessages

Description

Get account messages.

Parameters

Type Name Schema

Body

input
required

Responses

HTTP Code Description Schema

200

Expected response to a valid request.

default

The default response on an error.

Retrieves the CRN of the default identity provider.

POST /iam/getDefaultIdentityProvider

Description

Retrieves the CRN of the default identity provider used for CDP initiated login requests.

Parameters

Type Name Schema

Body

input
required

Responses

HTTP Code Description Schema

200

Expected response to a valid request.

default

The default response on an error.

Gets information on a user.

POST /iam/getUser

Description

Gets information on a user. If no user name is specified. The user name is determined from the access key used to make the request.

Parameters

Type Name Schema

Body

input
required

Responses

HTTP Code Description Schema

200

Expected response to a valid request.

default

The default response on an error.

Lists access keys.

POST /iam/listAccessKeys

Description

Lists access keys.

Parameters

Type Name Schema

Body

input
required

Responses

HTTP Code Description Schema

200

Expected response to a valid request.

default

The default response on an error.

Lists a group’s assigned resource roles.

POST /iam/listGroupAssignedResourceRoles

Description

Lists a group’s assigned resource roles.

Parameters

Type Name Schema

Body

input
required

Responses

HTTP Code Description Schema

200

Expected response to a valid request.

default

The default response on an error.

Lists the group’s assigned roles.

POST /iam/listGroupAssignedRoles

Description

Lists the group’s assigned roles.

Parameters

Type Name Schema

Body

input
required

Responses

HTTP Code Description Schema

200

Expected response to a valid request.

default

The default response on an error.

List the members of a group.

POST /iam/listGroupMembers

Description

List the members of a group.

Parameters

Type Name Schema

Body

input
required

Responses

HTTP Code Description Schema

200

Expected response to a valid request.

default

The default response on an error.

Lists groups.

POST /iam/listGroups

Description

Lists groups. If no group names are specified, the call lists all groups.

Parameters

Type Name Schema

Body

input
required

Responses

HTTP Code Description Schema

200

Expected response to a valid request.

default

The default response on an error.

List the groups that the machine user belongs to.

POST /iam/listGroupsForMachineUser

Description

List the groups that the machine user belongs to.

Parameters

Type Name Schema

Body

input
required

Responses

HTTP Code Description Schema

200

Expected response to a valid request.

default

The default response on an error.

List the groups that the user belongs to.

POST /iam/listGroupsForUser

Description

List the groups that the user belongs to.

Parameters

Type Name Schema

Body

input
required

Responses

HTTP Code Description Schema

200

Expected response to a valid request.

default

The default response on an error.

Lists a machine user’s assigned resource roles.

POST /iam/listMachineUserAssignedResourceRoles

Description

Lists a machine user’s assigned resource roles.

Parameters

Type Name Schema

Body

input
required

Responses

HTTP Code Description Schema

200

Expected response to a valid request.

default

The default response on an error.

Lists the machine user’s assigned roles.

POST /iam/listMachineUserAssignedRoles

Description

Lists the machine user’s assigned roles.

Parameters

Type Name Schema

Body

input
required

Responses

HTTP Code Description Schema

200

Expected response to a valid request.

default

The default response on an error.

Lists machine users.

POST /iam/listMachineUsers

Description

Lists machine users in the account.

Parameters

Type Name Schema

Body

input
required

Responses

HTTP Code Description Schema

200

Expected response to a valid request.

default

The default response on an error.

List the resource assignees and their respective resource roles for the resource.

POST /iam/listResourceAssignees

Description

List the resource assignees and their respective resource roles for the resource.

Parameters

Type Name Schema

Body

input
required

Responses

HTTP Code Description Schema

200

Expected response to a valid request.

default

The default response on an error.

Lists all the available resource roles.

POST /iam/listResourceRoles

Description

Lists all the available resource roles. Resource roles grant rights over certain resources.

Parameters

Type Name Schema

Body

input
required

Responses

HTTP Code Description Schema

200

Expected response to a valid request.

default

The default response on an error.

Lists all the available roles.

POST /iam/listRoles

Description

Lists all the available roles. Roles grant rights to users via policies that are attached to the roles.

Parameters

Type Name Schema

Body

input
required

Responses

HTTP Code Description Schema

200

Expected response to a valid request.

default

The default response on an error.

Lists SAML providers in CDP account.

POST /iam/listSamlProviders

Description

Lists SAML providers in CDP account.

Parameters

Type Name Schema

Body

input
required

Responses

HTTP Code Description Schema

200

Expected response to a valid request.

default

The default response on an error.

Lists SCIM access tokens for a SCIM enabled identity provider.

POST /iam/listScimAccessTokens

Description

Lists SCIM access tokens for a SCIM enabled identity provider. These access tokens are used to authenticate requests sent to the SCIM endpoints. This operation is not supported for Cloudera for Government.

Parameters

Type Name Schema

Body

input
required

Responses

HTTP Code Description Schema

200

Expected response to a valid request.

default

The default response on an error.

List cloud identity mappings for service principals.

POST /iam/listServicePrincipalCloudIdentities

Description

List cloud identity mappings for service principals.

Parameters

Type Name Schema

Body

input
required

Responses

HTTP Code Description Schema

200

Expected response to a valid request.

default

The default response on an error.

Lists SSH public keys for an actor.

POST /iam/listSshPublicKeys

Description

Lists SSH public keys for an actor.

Parameters

Type Name Schema

Body

input
required

Responses

HTTP Code Description Schema

200

Expected response to a valid request.

default

The default response on an error.

Lists a user’s assigned resource roles.

POST /iam/listUserAssignedResourceRoles

Description

Lists a user’s assigned resource roles.

Parameters

Type Name Schema

Body

input
required

Responses

HTTP Code Description Schema

200

Expected response to a valid request.

default

The default response on an error.

Lists the user’s assigned roles.

POST /iam/listUserAssignedRoles

Description

Lists the user’s assigned roles.

Parameters

Type Name Schema

Body

input
required

Responses

HTTP Code Description Schema

200

Expected response to a valid request.

default

The default response on an error.

Lists users.

POST /iam/listUsers

Description

Lists users.

Parameters

Type Name Schema

Body

input
required

Responses

HTTP Code Description Schema

200

Expected response to a valid request.

default

The default response on an error.

Migrates all users from an identity provider connector to a different identity provider connector.

POST /iam/migrateUsersToIdentityProvider

Description

Allow existing users to be associated with a different identity provider connector. It is required that the identity provider user ID for each user be the same in both identity providers. This is expected to be used for migration from LDAP authentication to SAML authentication for the same physical IdP. A new SAML connector would be created in CDP, integrated with the same IdP as the original LDAP connector. First the LDAP mapping would be set to use the planned SAML name id mapping. Then this method can switch users created via LDAP login to be associated with the SAML connector and enable SAML authentication instead of LDAP authentication.

Parameters

Type Name Schema

Body

input
required

Responses

HTTP Code Description Schema

200

Expected response to a valid request.

default

The default response on an error.

Remove a machine user from a group.

POST /iam/removeMachineUserFromGroup

Description

Remove a machine user from a group.

Parameters

Type Name Schema

Body

input
required

Responses

HTTP Code Description Schema

200

Expected response to a valid request.

default

The default response on an error.

Remove a user from a group.

POST /iam/removeUserFromGroup

Description

Remove a user from a group.

Parameters

Type Name Schema

Body

input
required

Responses

HTTP Code Description Schema

200

Expected response to a valid request.

default

The default response on an error.

Set messages for an account.

POST /iam/setAccountMessages

Description

Set messages for an account.

Parameters

Type Name Schema

Body

input
required

Responses

HTTP Code Description Schema

200

Expected response to a valid request.

default

The default response on an error.

Set the authentication policy for the account.

POST /iam/setAuthenticationPolicy

Description

Set the authentication policy for the account. Any parameters not specified in the request will be cleared, and their default values will be used for authentication. Changes to the authentication policy only affect authentications that are done after the policy has been updated.

Parameters

Type Name Schema

Body

input
required

Responses

HTTP Code Description Schema

200

Expected response to a valid request.

default

The default response on an error.

Sets the default identity provider.

POST /iam/setDefaultIdentityProvider

Description

Sets the default identity provider used for CDP initiated login requests.

Parameters

Type Name Schema

Body

input
required

Responses

HTTP Code Description Schema

200

Expected response to a valid request.

default

The default response on an error.

Set the workload password for an actor.

POST /iam/setWorkloadPassword

Description

Set the workload password for an actor. This will be the actor’s password in all Environments they have access to, including Environments they are given access to after setting the password. The password plaintext is not kept.

Parameters

Type Name Schema

Body

input
required

Responses

HTTP Code Description Schema

200

Expected response to a valid request.

default

The default response on an error.

Set the workload password policy for the account.

POST /iam/setWorkloadPasswordPolicy

Description

Set the workload password for the account. Changes to the workload password policy only affect passwords that are set after the policy has been updated. By default, passwords never expire.

Parameters

Type Name Schema

Body

input
required

Responses

HTTP Code Description Schema

200

Expected response to a valid request.

default

The default response on an error.

Unassign an Azure cloud identity from an actor or group.

POST /iam/unassignAzureCloudIdentity

Description

Unassign an Azure cloud identity, i.e. an object ID (OID), from an actor or group.

Parameters

Type Name Schema

Body

input
required

Responses

HTTP Code Description Schema

200

Expected response to a valid request.

default

The default response on an error.

Unassign a resource role from a group.

POST /iam/unassignGroupResourceRole

Description

Unassign a resource role from a group. If the resource role is not currently assigned to the group the request will fail.

Parameters

Type Name Schema

Body

input
required

Responses

HTTP Code Description Schema

200

Expected response to a valid request.

default

The default response on an error.

Unassign a role from a group.

POST /iam/unassignGroupRole

Description

Unassign a role from a group. If the role is not currently assigned to the group the request will fail.

Parameters

Type Name Schema

Body

input
required

Responses

HTTP Code Description Schema

200

Expected response to a valid request.

default

The default response on an error.

Unassign a resource role from a machine user.

POST /iam/unassignMachineUserResourceRole

Description

Unassign a resource role from a machine user. If the resource role is not currently assigned to the machine user the request will fail.

Parameters

Type Name Schema

Body

input
required

Responses

HTTP Code Description Schema

200

Expected response to a valid request.

default

The default response on an error.

Unassign a role from a machine user.

POST /iam/unassignMachineUserRole

Description

Unassign a role from a machine user. If the role is not currently assigned to the machine user the request will fail.

Parameters

Type Name Schema

Body

input
required

Responses

HTTP Code Description Schema

200

Expected response to a valid request.

default

The default response on an error.

Unassign an Azure cloud identity from a service principal.

POST /iam/unassignServicePrincipalAzureCloudIdentity

Description

Unassign an Azure cloud identity, i.e. an object ID (OID), from a service principal.

Parameters

Type Name Schema

Body

input
required

Responses

HTTP Code Description Schema

200

Expected response to a valid request.

default

The default response on an error.

Unassign a resource role from a user.

POST /iam/unassignUserResourceRole

Description

Unassign a resource role from a user. If the resource role is not currently assigned to the user the request will fail.

Parameters

Type Name Schema

Body

input
required

Responses

HTTP Code Description Schema

200

Expected response to a valid request.

default

The default response on an error.

Unassign a role from a user.

POST /iam/unassignUserRole

Description

Unassign a role from a user. If the role is not currently assigned to the user the request will fail.

Parameters

Type Name Schema

Body

input
required

Responses

HTTP Code Description Schema

200

Expected response to a valid request.

default

The default response on an error.

Unlocks machine user in the CDP control plane.

POST /iam/unlockMachineUserInControlPlane

Description

Unlocks machine user in the CDP control plane. This operation is idempotent. Unlocking an active machine user will succeed and leave the machine user active. This operation is only supported on Cloudera for Government.

Parameters

Type Name Schema

Body

input
required

Responses

HTTP Code Description Schema

200

Expected response to a valid request.

default

The default response on an error.

Unlocks user in the CDP control plane.

POST /iam/unlockUserInControlPlane

Description

Unlocks user in the CDP control plane. This operation is idempotent. Unlocking an active user will succeed and leave the user active. This operation is only supported on Cloudera for Government.

Parameters

Type Name Schema

Body

input
required

Responses

HTTP Code Description Schema

200

Expected response to a valid request.

default

The default response on an error.

Removes workload password minimum lifetime date for an actor.

POST /iam/unsetWorkloadPasswordMinLifetime

Description

Removes the workload password minimum lifetime date for an actor.

Parameters

Type Name Schema

Body

input
required

Responses

HTTP Code Description Schema

200

Expected response to a valid request.

default

The default response on an error.

Unset workload password policy for the account.

POST /iam/unsetWorkloadPasswordPolicy

Description

Unset the workload password for the account. Changes to the workload password policy only affect passwords that are set after the policy has been updated.

Parameters

Type Name Schema

Body

input
required

Responses

HTTP Code Description Schema

200

Expected response to a valid request.

default

The default response on an error.

Updates an access key.

POST /iam/updateAccessKey

Description

Updates an access key.

Parameters

Type Name Schema

Body

input
required

Responses

HTTP Code Description Schema

200

Expected response to a valid request.

default

The default response on an error.

Update a group.

POST /iam/updateGroup

Description

Update a group.

Parameters

Type Name Schema

Body

input
required

Responses

HTTP Code Description Schema

200

Expected response to a valid request.

default

The default response on an error.

Updates a SAML provider in CDP.

POST /iam/updateSamlProvider

Description

Updates a SAML provider in CDP.

Parameters

Type Name Schema

Body

input
required

Responses

HTTP Code Description Schema

200

Expected response to a valid request.

default

The default response on an error.

Updates a user.

POST /iam/updateUser

Description

Updates a user. Updates request fields provided. An error is returned if no field updates are defined in the request.

Parameters

Type Name Schema

Body

input
required

Responses

HTTP Code Description Schema

200

Expected response to a valid request.

default

The default response on an error.

Definitions

AccessKey

Information about a Cloudera CDP access key.

Name Description Schema

accessKeyId
required

The ID of the access key.

string

actorCrn
required

The CRN of the actor with which this access key is associated.

string

creationDate
required

The date when the access key was created.

string (date-time)

crn
required

The CRN of the access key.

string

lastUsage
optional

Information on the last time this access key was used.

status
optional

The status of an access key.

enum (ACTIVE, INACTIVE)

type
optional

The type of an access key.

AccessKeyLastUsage

Information on the last time an access key was used.

Name Description Schema

lastUsageDate
optional

The date when the access key was last used.

string (date-time)

serviceName
optional

The name of the service with which this access key was most recently used.

string

AccessKeyType

The version of an access key. V1 - Deprecated, use RSA as the request signing algorithm. V2 - Use ED25519 as the request signing algorithm. V3 - Use ECDSA as the request signing algorithm. DEFAULT - Use the system default signing algorithm (V3 in GovCloud, V2 in other regions).

Type : enum (V1, V2, V3)

Account

Information about a Cloudera CDP account.

Name Description Schema

authenticationPolicy
optional

The authentication policy object. May be omitted if no such policy was defined.

clouderaSSOAllLoginEnabled
required

Whether login is enabled for Cloudera SSO users. It can only be set by Cloudera upon request and disables interactive login through Cloudera SSO. Note that restricting Cloudera SSO login will prevent account administrators from logging in interactively. Its default value is 'true'. When it is 'true', the Cloudera SSO interactive login behavior is controlled according to the existing clouderaSSOLoginEnabled flag. When it is 'false', it overrides the setting for clouderaSSOLoginEnabled.

boolean

clouderaSSOLoginEnabled
required

Whether interactive login using Cloudera SSO is enabled for users who are not account administrators. Its default value is 'true'. When it is 'true', the account administrators, as well as non-administrator users can login through Cloudera SSO. When it is 'false', Cloudera SSO users who are not account administrators will not be able to login.

boolean

machineUserWorkloadPasswordPolicy
optional

The machine user workload password policy object. May be omitted if no such policy was defined.

workloadPasswordPolicy
required

The workload password policy object.

AddMachineUserToGroupRequest

Request object for an add machine user to group request.

Name Description Schema

groupName
required

The name or CRN of the group to add the machine user to.

string

machineUserName
required

The name or CRN of the machine user to add to the group.

string

AddMachineUserToGroupResponse

Response object for add machine user to group request.

Type : object

AddSshPublicKeyRequest

Request object for add user ssh public key.

Name Description Schema

actorCrn
optional

The CRN of the user or machine user for whom the SSH public key will be added. If it is not included, it defaults to the user making the request.

string

description
optional

An optional description for the public key.

string

publicKey
required

The RSA or ED25519 public ssh key to add. DSA and ECDSA public keys are not supported. The public key should be in RFC4253 format. (e.g. ssh-rsa AAAAB3NzaC1yc2EAAA.. user@host) as produced, for example, by ssh-keygen.

string

AddSshPublicKeyResponse

Response object for add ssh public key.

Name Description Schema

sshPublicKey
required

Information about the SSH public key.

AddUserToGroupRequest

Request object for an add user to group request.

Name Description Schema

groupName
required

The name or CRN of the group to add the user to.

string

userId
required

The ID or CRN of the user to add to the group.

string

AddUserToGroupResponse

Response object for an add user to group request.

Type : object

AssignAzureCloudIdentityRequest

Request object for an assign Azure cloud identity request.

Name Description Schema

assigneeCrn
required

The CRN of the actor or group that the cloud identity will be assigned to.

string

objectId
required

The Azure object ID (OID) to assign to the actor or group.

string

AssignAzureCloudIdentityResponse

Response object for an assign Azure cloud identity request.

Type : object

AssignGroupResourceRoleRequest

Request object for an assign group resource role request.

Name Description Schema

groupName
required

The group to assign the resource role to. Can be the group’s name or CRN.

string

resourceCrn
required

The resource for which the resource role rights are granted.

string

resourceRoleCrn
required

The CRN of the resource role being assigned to the group.

string

AssignGroupResourceRoleResponse

Response object for an assign group resource role request.

Type : object

AssignGroupRoleRequest

Request object for an assign group role request.

Name Description Schema

groupName
required

The group to which the role is assigned to. Can be the group name or CRN.

string

role
required

The role being assigned to the group. Can be the role’s CRN or name.

string

AssignGroupRoleResponse

Response object for an assign group role request.

Type : object

AssignMachineUserResourceRoleRequest

Request object for an assign machine user resource role request.

Name Description Schema

machineUserName
required

The machine user to assign the resource role to. Can be the machine user’s name or CRN.

string

resourceCrn
required

The resource for which the resource role rights are granted.

string

resourceRoleCrn
required

The CRN of the resource role to assign to the machine user.

string

AssignMachineUserResourceRoleResponse

Response object for an assign machine user resource role request.

Type : object

AssignMachineUserRoleRequest

Request object for an assign machine user role request.

Name Description Schema

machineUserName
required

The machine user the role is assigned to. Can be the machine user’s name or CRN.

string

role
required

The role to assign to the machine user. Can be the role’s name or CRN.

string

AssignMachineUserRoleResponse

Response object for an assign machine user role request.

Type : object

AssignServicePrincipalAzureCloudIdentityRequest

Request object for an assign service principal Azure cloud identity request.

Name Description Schema

environmentCrn
required

The CRN of the environment for which the cloud identity assignment will be in effect.

string

objectId
required

The Azure object ID (OID) to assign to the service principal.

string

servicePrincipal
required

The name of the service principal that the cloud identity will be assigned to.

string

AssignServicePrincipalAzureCloudIdentityResponse

Response object for an assign service principal Azure cloud identity request.

Type : object

AssignUserResourceRoleRequest

Request object for an assign user resource role request.

Name Description Schema

resourceCrn
required

The resource for which the resource role rights are granted.

string

resourceRoleCrn
required

The CRN of the resource role to assign to the user.

string

user
required

The user to assign the resource role to. Can be the user’s CRN or id.

string

AssignUserResourceRoleResponse

Response object for an assign user resource role request.

Type : object

AssignUserRoleRequest

Request object for an assign user role request.

Name Description Schema

role
required

The role to assign to the user. Can be the role’s CRN or name.

string

user
required

The user the role is assigned to. Can be the user’s CRN or id.

string

AssignUserRoleResponse

Response object for an assign user role request.

Type : object

AuthenticationPolicy

Information about the authentication policy for an account.

Name Description Schema

accessKeyExpirationSec
optional

The expiration, in seconds, of the access key. The value of '0' indicates the system default expiration (which is 12 hours).

integer (int32)

accessKeyInactivityDurationSec
optional

The inactivity duration, in seconds, of the access key, which would invalidate the access key due to no activity. The value of '0' indicates default inactivity duration (which is 1 hour normally and 15 minutes for Cloudera for Government). There’s no access key invalidation from no activity if the value is greater or equal to expiration.

integer (int32)

clientIpAddressesAllowed
optional

The list of IP addresses and/or CIDRs used for allowing client access to the UI and API services. Both the allowed list and the blocked list will be used to determine whether to grant or block the client’s access. The blocked list takes precedence over the allowed list. When the list is empty or not set, client IP address will not be validated to be present in the allowed list.

< string > array

clientIpAddressesBlocked
optional

The list of IP addresses and/or CIDRs used for blocking client access to the UI and API services. Both the allowed list and the blocked list will be used to determine whether to grant or block the client’s access. The blocked list takes precedence over the allowed list. When the list is empty or not set, client IP address will not be validated to be absent from the blocked list.

< string > array

sessionTokenExpirationSec
optional

The expiration, in seconds, of the UI session token. The value of '0' indicates the system default expiration (which is 12 hours).

integer (int32)

sessionTokenInactivityDurationSec
optional

The inactivity duration, in seconds, of the UI session token, which would invalidate the session token due to no activity. The value of '0' indicates default inactivity duration (which is 1 hour normally and 15 minutes for Cloudera for Government). There’s no session token invalidation from no activity if the value is greater or equal to expiration.

integer (int32)

AzureCloudIdentity

An Azure cloud identity.

Name Description Schema

environmentCrn
optional

The CRN of the environment this Azure cloud identity is associated with. If omitted, this cloud identity is associated with all Azure environments.

string

objectId
required

The Azure object ID (OID).

string

CreateGroupRequest

Request object for create group request.

Name Description Schema

groupName
required

The name of the group. This name must be unique. There are certain restrictions on the group name. Refer to the How To > User Management section in the Management Console documentation for the details.

string

syncMembershipOnUserLogin
optional

Whether group membership is synced when a user logs in. The default is to sync group membership.

boolean

CreateGroupResponse

Response object for create group request.

Name Description Schema

group
required

Information about the group.

CreateMachineUserAccessKeyRequest

Request object for a create machine user access key request.

Name Description Schema

machineUserName
required

The name or CRN of the machine user to whom this access key will be associated.

string

type
optional

The version of an access key to create.

CreateMachineUserAccessKeyResponse

Response object for a create machine user access key request.

Name Description Schema

accessKey
required

The access key that was created.

privateKey
required

The private key associated with this access key. This string is the contents of a PEM file containing a PKCS#8 private key.

string

CreateMachineUserRequest

Request object for create machine user request.

Name Description Schema

machineUserName
required

The name to use for the new machine user. The name must be an alpha numeric string, including '-' and '', cannot start with '_' (double underscore) and cannot be longer than 128 characters. Only one machine user with this name can exist in an account at a given time.

string

CreateMachineUserResponse

Response object for create machine user request.

Name Description Schema

machineUser
required

Information about the machine user.

CreateSamlProviderRequest

Request object for creating SAML provider request.

Name Description Schema

enableScim
optional

Whether to enable SCIM on this SAML provider. System for Cross-domain Identity Management (SCIM) version 2.0 is a standard for automating the provisioning of user and group identity information from identity provider to CDP. It is not supported for Cloudera for Government.

boolean

generateWorkloadUsernameByEmail
optional

Whether to generate users' workload username by email . The default is to generate workload usernames by identity provider user ID (SAML NameID).

boolean

samlMetadataDocument
optional

SAML metadata document XML file. Length of meta data document cannot be more than 200 KB (200,000 bytes).
Maximal length : 200000

string

samlProviderName
required

The name of SAML provider. The name must be unique, must have a maximum of 128 characters, and must contain only alphanumeric characters, "-" and "_". Names are are not case-sensitive.

string

syncGroupsOnLogin
optional

Whether to sync group information for users federated with this SAML provider. Group membership can be passed using the https://cdp.cloudera.com/SAML/Attributes/groups SAML assertion. The default is to synchronize group membership.

boolean

CreateSamlProviderResponse

Response object for a creating SAML provider request.

Name Description Schema

samlProvider
required

The SAML provider.

CreateScimAccessTokenRequest

Request object to create the SCIM access token.

Name Description Schema

accessTokenLifetimeDays
required

The lifetime, in days, of the access token.
Minimum value : 1

integer (int32)

identityProviderNameOrCrn
required

The name or CRN of the SCIM enabled identity provider.

string

CreateScimAccessTokenResponse

Response object to create the SCIM access token.

Name Description Schema

accessToken
required

The SCIM access token that was created.

accessTokenSecret
required

The SCIM access token secret. This secret could be used to authenticate requests sent to SCIM endpoints.

string

CreateUserAccessKeyRequest

Request object for a create user access key request.

Name Description Schema

type
optional

The version of an access key to create.

user
optional

The ID or CRN of the user to whom this access key will be associated. If it is not included, it defaults to the user making the request.

string

CreateUserAccessKeyResponse

Response object for a create user access key request.

Name Description Schema

accessKey
required

The access key that was created.

privateKey
required

The private key associated with this access key. This string is the contents of a PEM file containing a PKCS#8 private key.

string

CreateUserRequest

Request object for creating user request.

Name Description Schema

email
required

The email address for the user. Used for display purposes only.

string

firstName
optional

The user first name.

string

groups
optional

The list of groups the user belongs to. The groups will be created if they do not exist. There are certain restrictions on the group name. Refer to the How To > User Management section in the Management Console documentation for the details.

< string > array

identityProviderUserId
required

The identity provider user id for the user. This ID must match the NameId attribute value that will be passed for the user in the SAML response using the associated SAML provider.

string

lastName
optional

The user last name.

string

samlProviderName
optional

The name or CRN of the SAML provider the user will use for login.

string

CreateUserResponse

Response object for a create user request.

Name Description Schema

user
required

Information about the user.

DeleteAccessKeyRequest

Request object for a delete access key request.

Name Description Schema

accessKeyId
required

The ID of the access key.

string

DeleteAccessKeyResponse

Response object for a delete access key request.

Type : object

DeleteGroupRequest

Request object for delete group request.

Name Description Schema

groupName
required

The name or CRN of the group to delete.

string

DeleteGroupResponse

Response object for delete group request.

Type : object

DeleteMachineUserRequest

Request object for delete machine user request.

Name Description Schema

machineUserName
required

The name or CRN of the machine user to delete.

string

DeleteMachineUserResponse

Response object for delete machine user request.

Name Description Schema

accessKeysDeleted
required

The list of associated access key CRNs that were deleted.

< string > array

groupsModified
required

The list of group CRNs from which the machine user has been removed.

< string > array

resourcesUnassigned
required

The list of resource role assignments that have been unassigned from the machine user.

< ResourceAssignment > array

rolesUnassigned
required

The list of role CRNs unassigned from the machine user.

< string > array

DeleteSamlProviderRequest

Request object for deleting SAML provider request.

Name Description Schema

samlProviderName
required

The name or CRN of the SAML provider to delete.

string

DeleteSamlProviderResponse

Response object for delete SAML provider request.

Type : object

DeleteScimAccessTokenRequest

Request object to delete the SCIM access token.

Name Description Schema

accessTokenIdOrCrn
required

The ID or CRN of the SCIM access token.

string

DeleteScimAccessTokenResponse

Response object to delete the SCIM access token.

Type : object

DeleteSshPublicKeyRequest

Request object for delete SSH public key.

Name Description Schema

actorCrn
optional

The CRN of the user or machine user that the SSH public key belongs to. If it is not included, it defaults to the actor making the request.

string

crnOrFingerprint
required

The SSH public key CRN or the keys SHA256 fingerprint to remove.

string

DeleteSshPublicKeyResponse

Response object for delete SSH public key.

Type : object

DeleteUserRequest

Request object to delete a user.

Name Description Schema

userId
required

The ID or CRN of the user to delete.

string

DeleteUserResponse

Response object to delete a user.

Name Description Schema

accessKeysDeleted
required

The list of associated access key CRNs that were deleted.

< string > array

groupsModified
required

The list of group CRNs from which the user has been removed.

< string > array

resourcesUnassigned
required

The list of resource role assignments that have been unassigned from the user.

< ResourceAssignment > array

rolesUnassigned
required

The list of role CRNs unassigned from the user.

< string > array

DescribeSamlProviderRequest

Request object for a describe SAML provider request.

Name Description Schema

samlProviderName
required

The name or CRN of the SAML provider to describe.

string

DescribeSamlProviderResponse

Response object for a describe SAML request.

Name Description Schema

samlProvider
required

The SAML provider.

DescribeSshPublicKeyRequest

Request object for describe SSH public key.

Name Description Schema

actorCrn
optional

The CRN of the user or machine user that the SSH public key belongs to. If it is not included, it defaults to the actor making the request.

string

crnOrFingerprint
required

The SSH public key CRN or its SHA256 fingerprint.

string

DescribeSshPublicKeyResponse

Response object for describe user SSH public key.

Name Description Schema

sshPublicKey
required

Information about the SSH public key.

DisableClouderaSSOLoginRequest

Request object for a disable Cloudera SSO login request.

Type : object

DisableClouderaSSOLoginResponse

Response object for a disable Cloudera SSO login request.

Type : object

EnableClouderaSSOLoginRequest

Request object for an enable Cloudera SSO login request.

Type : object

EnableClouderaSSOLoginResponse

Response object for an enable Cloudera SSO login request.

Type : object

Error

An object returned on an error.

Name Description Schema

code
optional

The error code.

string

message
optional

The error message.

string

GenerateWorkloadAuthTokenRequest

Request object for GenerateWorkloadAuthToken method.

Name Description Schema

environmentCrn
optional

The environment CRN, required by DF.

string

workloadName
required

The workload name

GenerateWorkloadAuthTokenResponse

Response object for GenerateWorkloadAuthToken method.

Name Description Schema

endpointUrl
optional

The workload endpoint URL

string

expireAt
optional

When the information should expire

string (date-time)

token
optional

The authentication token

string

GetAccessKeyRequest

Request object for a get access key request.

Name Description Schema

accessKeyId
optional

The ID of the access key to get information about. If it is not included, it defaults to the access key used to make the request.

string

GetAccessKeyResponse

Response object for a get access key request.

Name Description Schema

accessKey
required

Information about the access key.

GetAccountMessagesRequest

Request object for get account messages.

Type : object

GetAccountMessagesResponse

Response object for get account messages.

Name Description Schema

contactYourAdministratorMessage
optional

Message shown to user when user does not have sufficient rights.

string

GetAccountRequest

Request object for a get account request.

Type : object

GetAccountResponse

Response object for a get account response.

Name Description Schema

account
required

The account object.

GetDefaultIdentityProviderRequest

Request object to get the default identity provider.

Type : object

GetDefaultIdentityProviderResponse

Response object to get the default identity provider.

Name Description Schema

crn
required

The CRN of the identity provider used for CDP initiated login requests. The CRN could be a user defined identity provider’s CRN or one of the CDP built-ins (like Cloudera SSO). To retrieve more information about your own user-defined saml providers (or other provider types, not the default ones) call the relevant describeXXXProvider, e.g. for SAML providers call describeSamlProvider.

string

GetUserRequest

Request object for a get user request.

Name Description Schema

userId
optional

The ID of the user to get information about. If it is not included, it defaults to the user making the request.

string

GetUserResponse

Response object for a get user request.

Name Description Schema

user
required

Information about the user.

Group

Information about a group.

Name Description Schema

azureCloudIdentities
optional

The list of Azure cloud identities assigned to the group.

< AzureCloudIdentity > array

creationDate
required

The date when this group record was created.

string (date-time)

crn
required

The CRN of the group.

string

groupName
required

The group name.

string

syncMembershipOnUserLogin
optional

Whether group membership is synced when a user logs in. The default is to sync group membership.

boolean

ListAccessKeysRequest

Request object for a list access keys request.

Name Description Schema

accessKeyIds
optional

The access key IDs or CRNs of the access keys.

< string > array

pageSize
optional

The size of each page.
Minimum value : 1
Maximum value : 500

integer (int32)

startingToken
optional

A token to specify where to start paginating. This is the nextToken from a previously truncated response.

string

ListAccessKeysResponse

Response object for a list access keys request.

Name Description Schema

accessKeys
required

The access keys.

< AccessKey > array

nextToken
optional

The token to use when requesting the next set of results. If not present, there are no additional results.

string

ListGroupAssignedResourceRolesRequest

Request object for a list group assigned resource roles request.

Name Description Schema

groupName
required

The group to list the assigned resource roles for. Can be the group’s name or CRN.

string

pageSize
optional

The size of each page.
Minimum value : 1
Maximum value : 100

integer (int32)

startingToken
optional

A token to specify where to start paginating. This is the nextToken from a previously truncated response.

string

ListGroupAssignedResourceRolesResponse

Response object for a list group assigned resource roles request.

Name Description Schema

nextToken
optional

The token to use when requesting the next set of results. If not present, there are no additional results.

string

resourceAssignments
required

The group’s resource assignments.

< ResourceAssignment > array

ListGroupAssignedRolesRequest

Request object for a list group assigned roles request.

Name Description Schema

groupName
required

The group to list the assigned roles for. Can be the group’s name or CRN.

string

pageSize
optional

The size of each page.
Minimum value : 1
Maximum value : 100

integer (int32)

startingToken
optional

A token to specify where to start paginating. This is the nextToken from a previously truncated response.

string

ListGroupAssignedRolesResponse

Response object for a list group assigned roles request.

Name Description Schema

nextToken
optional

The token to use when requesting the next set of results. If not present, there are no additional results.

string

roleCrns
required

The role CRNs assigned to the group.

< string > array

ListGroupMembersRequest

Request object for a list group members request.

Name Description Schema

groupName
required

The name or CRN of the group to list the membership of.

string

pageSize
optional

The size of each page.
Minimum value : 1
Maximum value : 100

integer (int32)

startingToken
optional

A token to specify where to start paginating. This is the nextToken from a previously truncated response.

string

ListGroupMembersResponse

Response object for a list group members request.

Name Description Schema

memberCrns
required

The list of group members.

< string > array

nextToken
optional

The token to use when requesting the next set of results. If not present, there are no additional results.

string

ListGroupsForMachineUserRequest

Request object for a list groups for machine user request.

Name Description Schema

machineUserName
required

The name or CRN of the machine user to list the groups of.

string

pageSize
optional

The size of each page.
Minimum value : 1
Maximum value : 100

integer (int32)

startingToken
optional

A token to specify where to start paginating. This is the nextToken from a previously truncated response.

string

ListGroupsForMachineUserResponse

Response object for a list groups for machine user request.

Name Description Schema

groupCrns
required

The list of groups.

< string > array

nextToken
optional

The token to use when requesting the next set of results. If not present, there are no additional results.

string

ListGroupsForUserRequest

Request object for a list groups for user request.

Name Description Schema

pageSize
optional

The size of each page.
Minimum value : 1
Maximum value : 100

integer (int32)

startingToken
optional

A token to specify where to start paginating. This is the nextToken from a previously truncated response.

string

userId
required

The ID or CRN of the user to list the groups of.

string

ListGroupsForUserResponse

Response object for a list groups for user request.

Name Description Schema

groupCrns
required

The list of groups.

< string > array

nextToken
optional

The token to use when requesting the next set of results. If not present, there are no additional results.

string

ListGroupsRequest

Request object for a list groups request.

Name Description Schema

groupNames
optional

The group names or CRNs of the groups. If not provided, all groups in the account are retrieved.

< string > array

pageSize
optional

The size of each page.
Minimum value : 1
Maximum value : 100

integer (int32)

startingToken
optional

A token to specify where to start paginating. This is the nextToken from a previously truncated response.

string

ListGroupsResponse

Response object for a list groups request.

Name Description Schema

groups
required

The list of groups.

< Group > array

nextToken
optional

The token to use when requesting the next set of results. If not present, there are no additional results.

string

ListMachineUserAssignedResourceRolesRequest

Request object for a list machine user assigned resource roles request.

Name Description Schema

machineUserName
required

The machine user to list the assigned resource roles for. Can be the machine user’s name or CRN.

string

pageSize
optional

The size of each page.
Minimum value : 1
Maximum value : 100

integer (int32)

startingToken
optional

A token to specify where to start paginating. This is the nextToken from a previously truncated response.

string

ListMachineUserAssignedResourceRolesResponse

Response object for a list machine user assigned roles request.

Name Description Schema

nextToken
optional

The token to use when requesting the next set of results. If not present, there are no additional results.

string

resourceAssignments
required

The user’s resource assignments.

< ResourceAssignment > array

ListMachineUserAssignedRolesRequest

Request object for a list machine user assigned roles request.

Name Description Schema

machineUserName
required

The machine user to list the assigned roles for. Can be the machine user’s name or CRN.

string

pageSize
optional

The size of each page.
Minimum value : 1
Maximum value : 100

integer (int32)

startingToken
optional

A token to specify where to start paginating. This is the nextToken from a previously truncated response.

string

ListMachineUserAssignedRolesResponse

Response object for a list machine user assigned roles request.

Name Description Schema

nextToken
optional

The token to use when requesting the next set of results. If not present, there are no additional results.

string

roleCrns
required

The role CRNs assigned to the user.

< string > array

ListMachineUsersRequest

Request object for a list machine users request.

Name Description Schema

machineUserNames
optional

The names or the CRNs of the machine users. If not provided all machine users for the account are retrieved.

< string > array

pageSize
optional

The size of each page.
Minimum value : 1
Maximum value : 100

integer (int32)

startingToken
optional

A token to specify where to start paginating. This is the nextToken from a previously truncated response.

string

ListMachineUsersResponse

Response object for a list machine users request.

Name Description Schema

machineUsers
required

The machine users.

< MachineUser > array

nextToken
optional

The token to use when requesting the next set of results. If not present, there are no additional results.

string

ListResourceAssigneesRequest

Request object for a list resource assignees request.

Name Description Schema

pageSize
optional

The size of each page.
Minimum value : 1
Maximum value : 100

integer (int32)

resourceCrn
required

The resource CRN for which to list the assignees.

string

startingToken
optional

A token to specify where to start paginating. This is the nextToken from a previously truncated response.

string

ListResourceAssigneesResponse

Response object for a list resource assignees request.

Name Description Schema

nextToken
optional

The token to use when requesting the next set of results. If not present, there are no additional results.

string

resourceAssignees
required

List of resource assignees and their respective resource roles for the resource.

< ResourceAssignee > array

ListResourceRolesRequest

Request object for a list resource roles request.

Name Description Schema

pageSize
optional

The size of each page.
Minimum value : 1
Maximum value : 100

integer (int32)

resourceRoleNames
optional

The resource roles CRNs to retrieve. If empty all resource roles will be returned.

< string > array

startingToken
optional

A token to specify where to start paginating. This is the nextToken from a previously truncated response.

string

ListResourceRolesResponse

Response object for a list resource roles request.

Name Description Schema

nextToken
optional

The token to use when requesting the next set of results. If not present, there are no additional results.

string

resourceRoles
required

The list of resource roles. Cannot be empty.

< ResourceRole > array

ListRolesRequest

Request object for a list roles request.

Name Description Schema

pageSize
optional

The size of each page.
Minimum value : 1
Maximum value : 100

integer (int32)

roleNames
optional

The roles names or CRNs to retrieve. If empty all roles will be returned.

< string > array

startingToken
optional

A token to specify where to start paginating. This is the nextToken from a previously truncated response.

string

ListRolesResponse

Response object for a list roles request.

Name Description Schema

nextToken
optional

The token to use when requesting the next set of results. If not present, there are no additional results.

string

roles
required

The list of roles in the account.

< Role > array

ListSamlProvidersRequest

Request object for a list SAML providers request.

Name Description Schema

pageSize
optional

The size of each page.
Minimum value : 1
Maximum value : 100

integer (int32)

samlProviderNames
optional

The SAML providers names or CRNs to retrieve. If empty all SAML providers will be returned.

< string > array

startingToken
optional

A token to specify where to start paginating. This is the nextToken from a previously truncated response.

string

ListSamlProvidersResponse

Response object for a list SAML providers request.

Name Description Schema

nextToken
optional

The token to use when requesting the next set of results. If not present, there are no additional results.

string

samlProviders
required

The SAML providers.

< SamlProvider > array

ListScimAccessTokensRequest

Request object to list the SCIM access tokens.

Name Description Schema

identityProviderNameOrCrn
required

The name or CRN of the identity provider.

string

pageSize
optional

The size of each page.
Minimum value : 1
Maximum value : 100

integer (int32)

startingToken
optional

A token to specify where to start paginating. This is the nextToken from a previously truncated response.

string

ListScimAccessTokensResponse

Response object to list the SCIM access tokens.

Name Description Schema

accessTokens
required

The SCIM access tokens.

< ScimAccessToken > array

nextToken
optional

The token to use when requesting the next set of results. If not present, there are no additional results.

string

ListServicePrincipalCloudIdentitiesRequest

Request object for a list service principal cloud identities request.

Name Description Schema

environmentCrn
optional

The CRN of the environment for which cloud identity mappings should be listed. If omitted, mappings for all environments are listed.

string

pageSize
optional

The size of each page.
Minimum value : 1
Maximum value : 100

integer (int32)

servicePrincipals
optional

The service principals for which cloud identity mappings should be listed. If omitted, mappings for all service principals are listed.

< string > array

startingToken
optional

A token to specify where to start paginating. This is the nextToken from a previously truncated response.

string

ListServicePrincipalCloudIdentitiesResponse

Response object for a list service principal cloud identities request.

Name Description Schema

nextToken
optional

The token to use when requesting the next set of results. If not present, there are no additional results.

string

servicePrincipalCloudIdentities
required

The list of service principal cloud identity mappings.

ListSshPublicKeysRequest

Request object for list SSH public key.

Name Description Schema

actorCrn
optional

The CRN of the user or machine user to list SSH public keys for. If it is not included, it defaults to the actor making the request.

string

ListSshPublicKeysResponse

Response object for list SSH public key.

Name Description Schema

sshPublicKeys
required

The list of SSH Public keys.

< SshPublicKey > array

ListUserAssignedResourceRolesRequest

Request object for a list user assigned resource roles request.

Name Description Schema

pageSize
optional

The size of each page.
Minimum value : 1
Maximum value : 100

integer (int32)

startingToken
optional

A token to specify where to start paginating. This is the nextToken from a previously truncated response.

string

user
optional

The user to list the assigned roles for. Can be the user’s CRN or id. If it is not included, it defaults to the user making the request.

string

ListUserAssignedResourceRolesResponse

Response object for a list user assigned roles request.

Name Description Schema

nextToken
optional

The token to use when requesting the next set of results. If not present, there are no additional results.

string

resourceAssignments
required

The user’s resource assignments.

< ResourceAssignment > array

ListUserAssignedRolesRequest

Request object for a list user assigned roles request.

Name Description Schema

pageSize
optional

The size of each page.
Minimum value : 1
Maximum value : 100

integer (int32)

startingToken
optional

A token to specify where to start paginating. This is the nextToken from a previously truncated response.

string

user
optional

The user to list the assigned roles for. Can be the user’s CRN or id. If it is not included, it defaults to the user making the request.

string

ListUserAssignedRolesResponse

Response object for a list user assigned roles request.

Name Description Schema

nextToken
optional

The token to use when requesting the next set of results. If not present, there are no additional results.

string

roleCrns
required

The role CRNs assigned to the user.

< string > array

ListUsersRequest

Request object for a list users request.

Name Description Schema

pageSize
optional

The size of each page.
Minimum value : 1
Maximum value : 500

integer (int32)

startingToken
optional

A token to specify where to start paginating. This is the nextToken from a previously truncated response.

string

userIds
optional

The user IDs or CRNs of the users.

< string > array

ListUsersResponse

Response object for a list users request.

Name Description Schema

nextToken
optional

The token to use when requesting the next set of results. If not present, there are no additional results.

string

users
required

The users.

< User > array

MachineUser

Information about a Cloudera CDP machine user.

Name Description Schema

azureCloudIdentities
optional

The list of Azure cloud identities assigned to the machine user.

< AzureCloudIdentity > array

creationDate
required

The date when this machine user record was created.

string (date-time)

crn
required

The CRN of the user.

string

machineUserName
required

The machine user name.

string

status
optional

The current status of the machine user. The possible status values are ACTIVE and CONTROL_PLANE_LOCKED_OUT. ACTIVE indicates that the machine user is active in CDP. An active machine user can authenticate to the CDP control plane and workload clusters. CONTROL_PLANE_LOCKED_OUT indicates that the machine user is locked out of the CDP control plane. The locked-out machine user can no longer authenticate to the control plane but can authenticate to the workload clusters. Note that more statuses could be added in the future. The statuses other than ACTIVE are only returned on Cloudera for Government.

string

workloadPasswordDetails
optional

Information about the workload password for the machine user.

workloadUsername
optional

The username used in all the workload clusters of the machine user.

string

MigrateUsersToIdentityProviderRequest

Request object for migrating users from an Identity Provider Connector to a new one.

Name Description Schema

newProviderName
required

The name or CRN of the new IdP provider to migrate to.

string

originalProviderName
required

The name or CRN of the original IdP provider to migrate from.

string

MigrateUsersToIdentityProviderResponse

Response object for migrating users from old Identity Provider Connector to a new one.

Name Description Schema

numberOfUpdatedUsers
required

The number of users that were migrated from the old IdP to the new one.

integer (int32)

PasswordPolicy

An object representing password policy options.

Name Description Schema

maxPasswordLifetimeDays
optional

The maximum lifetime of passwords, in days. If set to '0' passwords never expire. The default is 0.
Minimum value : 0

integer (int32)

minPasswordLength
optional

The minimum length of a password. Can be any number between 6 and 256. The default minimum password length is 8.
Minimum value : 6
Maximum value : 256

integer (int32)

minPasswordLifetimeDays
optional

The minimum lifetime of passwords, in days. The password must be used for this duration before it can be changed. If set to '0' the password may be changed any time. The default is 0. The minPasswordLifetimeDays must be greater than maxPasswordLifetimeDays.
Minimum value : 0

integer (int32)

mustIncludeLowerCaseCharacters
optional

Whether passwords must include lower case characters. The default is 'true'.

boolean

mustIncludeNumbers
optional

Whether passwords must include numbers. The default is 'true'.

boolean

mustIncludeSymbols
optional

Whether passwords must include symbols. The symbols are '#', '&', '*', '$', '%', '@', '^', '.', '_', and '!'. The default is 'true'.

boolean

mustIncludeUpperCaseCharacters
optional

Whether passwords must include upper case characters. The default is 'true'.

boolean

passwordHistorySize
optional

The number of previous passwords that should be remembered. The user or machine user is prevented from reusing these passwords. Can be any number between 0 and 20. The default is 0, this value means all previous passwords may be reused.
Minimum value : 0
Maximum value : 20

integer (int32)

Policy

A policy contains a list of one or more policy statements.

Name Description Schema

crn
required

The policy crn.

string

policyStatements
required

The policy statements.

< PolicyStatement > array

PolicyStatement

A policy statement is a list of rights and zero or more resources on which the rights are granted.

Name Description Schema

resources
required

The resources on which the rights are granted.

< string > array

rights
required

The list of rights in the policy statement.

< string > array

RemoveMachineUserFromGroupRequest

Request object for a remove machine user from group request.

Name Description Schema

groupName
required

The name or CRN of the group to remove the machine user from.

string

machineUserName
required

The name or CRN of the machine user to add to the group.

string

RemoveMachineUserFromGroupResponse

Response object for a remove machine user from group request.

Type : object

RemoveUserFromGroupRequest

Request object for a remove user from group request.

Name Description Schema

groupName
required

The name or CRN of the group to remove the user from.

string

userId
required

The ID or CRN of the user to remove from the group.

string

RemoveUserFromGroupResponse

Response object for a remove user from group request.

Type : object

ResourceAssignee

Information about the resource role assignee for the resource.

Name Description Schema

assigneeCrn
required

The CRN of the assignee.

string

resourceRoleCrn
required

The assigned resource role CRN.

string

ResourceAssignment

Information about a resource assignment.

Name Description Schema

resourceCrn
required

The assigned resource’s CRN.

string

resourceRoleCrn
required

The assigned resource role CRN.

string

ResourceRole

Information about a resource role. A resource role is a role that grants a collection of rights to a user on resources.

Name Description Schema

crn
required

The CRN of the resource role.

string

rights
required

The rights granted by this role.

< string > array

Role

Information about a role.

Name Description Schema

crn
required

The role’s CRN.

string

policies
required

The list of policies that belong to the role. Cannot be empty.

< Policy > array

SamlProvider

Information used to connect a CDP account to an external identity provider.

Name Description Schema

cdpSpMetadata
optional

The Service Provider SAML metadata specific to this CDP SAML provider. This field will only be set for createSamlProvider and describeSamlProvider API calls.

string

creationDate
required

The date when this SAML provider record was created.

string (date-time)

crn
required

CRN of the SAML provider in CDP.

string

enableScim
optional

Whether SCIM is enabled on this SAML provider. System for Cross-domain Identity Management (SCIM) version 2.0 is a standard for automating the provisioning of user and group identity information from identity provider to CDP. It is omitted for Cloudera for Government.

boolean

generateWorkloadUsernameByEmail
optional

Whether to generate users' workload username by email or by identity provider user ID (SAML NameID).

boolean

samlMetadataDocument
optional

The original metadata that was passed while creating the SAML provider connector. This field will not be set when the SAML provider does not have metadata. This field will not be set for listSamlProviders API response.

string

samlProviderId
required

The unique ID of the saml provider.

string

samlProviderName
required

Name of the SAML provider.

string

scimUrl
optional

The SCIM URL if SCIM is enabled. It is omitted for Cloudera for Government.

string

syncGroupsOnLogin
required

Whether users federated with this SAML provider will have their group membership synchronized. Group membership can be passed using the https://cdp.cloudera.com/SAML/Attributes/groups SAML assertion.

boolean

ScimAccessToken

Information about the SCIM access token.

Name Description Schema

accessTokenId
required

The SCIM access token id.

string

creationDate
required

The date when this SCIM access token was created.

string (date-time)

crn
required

The SCIM access token CRN.

string

expirationDate
optional

The SCIM access token expiration date. The access token never expires if the value is not set.

string (date-time)

ServicePrincipalCloudIdentities

Cloud identity mappings for a service principal.

Name Description Schema

azureCloudIdentities
optional

The list of Azure cloud identities assigned to the service principal.

< AzureCloudIdentity > array

servicePrincipal
required

The name of the service principal that the cloud identities are assigned to.

string

SetAccountMessagesRequest

Request object for set account messages for account.

Name Description Schema

contactYourAdministratorMessage
optional

Message shown to user when user does not have sufficient rights. Length of message cannot be more than 512 characters. If string is empty, default message is displayed.

string

SetAccountMessagesResponse

Response object for set account messages.

Type : object

SetAuthenticationPolicyRequest

Request object for a set authentication policy request.

Name Description Schema

accessKeyExpirationSec
optional

The expiration, in seconds, of the access key. Set the value to '0' to use system default expiration (which is 12 hours for CDP). The value will be set to '0' if not provided.
Minimum value : 0

integer (int32)

accessKeyInactivityDurationSec
optional

The inactivity duration, in seconds, of the access key, which would invalidate the access key due to inactivity. Set the value to '0' to use the system’s default inactivity duration (which is 1 hour normally and 15 minutes for Cloudera for Government). If set to a value longer than the value for accessKeyExpirationSec then there will be no inactivity timeout. The value will be set to '0' if not provided.
Minimum value : 0

integer (int32)

clientIpAddressesAllowed
optional

The list of IP addresses and/or CIDRs used for allowing client access to the UI and API services. Duplicated values will be removed automatically. Both the allowed list and the blocked list will be used to determine whether to grant or block the client’s access. The blocked list takes precedence over the allowed list. When the list is empty or not set, client IP address will not be validated to be present in the allowed list.

< string > array

clientIpAddressesBlocked
optional

The list of IP addresses and/or CIDRs used for blocking client access to the UI and API services. Duplicated values will be removed automatically. Both the allowed list and the blocked list will be used to determine whether to grant or block the client’s access. The blocked list takes precedence over the allowed list. When the list is empty or not set, client IP address will not be validated to be absent from the blocked list.

< string > array

sessionTokenExpirationSec
optional

The expiration, in seconds, of the UI session token. Set the value to '0' to use system default expiration (which is 12 hours for CDP). The value will be set to '0' if not provided.
Minimum value : 0

integer (int32)

sessionTokenInactivityDurationSec
optional

The inactivity duration, in seconds, of the UI session token, which would invalidate the session token due to inactivity. Set the value to '0' to use the system’s default inactivity duration (which is 1 hour normally and 15 minutes for Cloudera for Government). If set to a value longer than the value for sessionTokenExpirationSec then there will be no inactivity timeout. The value will be set to '0' if not provided.
Minimum value : 0

integer (int32)

SetAuthenticationPolicyResponse

Response object for a set authentication policy request.

Type : object

SetDefaultIdentityProviderRequest

Request object to set the default identity provider.

Name Description Schema

nameOrCrn
required

The name or CRN of the default identity provider.

string

SetDefaultIdentityProviderResponse

Response object to set the default identity provider.

Type : object

SetWorkloadPasswordPolicyRequest

Request object for a set workload password policy request.

Name Description Schema

globalPasswordPolicy
optional

The global password policy object. If set, maxPasswordLifetimeDays is ignored, and if not set the default values for the different password policies are used. See PasswordPolicy for more details on the different default values.

machineUsersPasswordPolicy
optional

The password policy object for machine users. If set, this will be used for enforcing password complexity for machine users instead of the global password policy.

SetWorkloadPasswordPolicyResponse

Response object for a set workload password policy request.

Type : object

SetWorkloadPasswordRequest

Request object for a set workload password request.

Name Description Schema

actorCrn
optional

The CRN of the user or machine user for whom the password will be set. If it is not included, it defaults to the user making the request.

string

password
required

The password value to set

string

SetWorkloadPasswordResponse

Response object for a set workload password request.

Type : object

SshPublicKey

Information about an SSH public key.

Name Description Schema

crn
required

The SSH public key CRN.

string

description
optional

An optional description for the public key.

string

publicKey
optional

The SSH public key string. Only populated for DescribeSshPublicKeyResponses. This is the same string that was used when the key was added.

string

publicKeyFingerprint
required

The SSH public key SHA256 fingerprint. This is identical to the SHA256 produced by running the following command on a public key named 'key.pub'; ssh-keygen -l -E SHA256 -f /home/user/.ssh/key.pub. Note that ssh-keygen removes any padding bytes from the BASE64 fingerprint encoding (the '=' characters at the end of the fingerprint) which is also true for this fingerprint.

string

UnassignAzureCloudIdentityRequest

Request object for an unassign Azure cloud identity request.

Name Description Schema

assigneeCrn
required

The CRN of the actor or group from which the cloud identity will be unassigned.

string

UnassignAzureCloudIdentityResponse

Response object for an unassign Azure cloud identity request.

Type : object

UnassignGroupResourceRoleRequest

Request object for an unassign group resource role request.

Name Description Schema

groupName
required

The group to unassign the resource role from.

string

resourceCrn
required

The CRN of the resource for which the resource role rights will be unassigned.

string

resourceRoleCrn
required

The CRN of the resource role to unassign from the group.

string

UnassignGroupResourceRoleResponse

Response object for an unassign group role request.

Type : object

UnassignGroupRoleRequest

Request object for an unassign group role request.

Name Description Schema

groupName
required

The group to unassign the role from. Can be the group name or CRN.

string

role
required

The role to unassign from the group. Can be the role’s CRN or name.

string

UnassignGroupRoleResponse

Response object for an unassign group role request.

Type : object

UnassignMachineUserResourceRoleRequest

Request object for an unassign machine user role request.

Name Description Schema

machineUserName
required

The machine user to unassign the resource role from. Can be the machine user’s name or CRN.

string

resourceCrn
required

The CRN of the resource for which the resource role rights will be unassigned.

string

resourceRoleCrn
required

The CRN of the resource role to unassigned from the machine user.

string

UnassignMachineUserResourceRoleResponse

Response object for an unassign machine user role request.

Type : object

UnassignMachineUserRoleRequest

Request object for an unassign machine user role request.

Name Description Schema

machineUserName
required

The machine user to unassigned the roles from. Can be the machine user’s name or CRN.

string

role
required

The role to unassigned from the user. Can be the role’s name or CRN.

string

UnassignMachineUserRoleResponse

Response object for an unassign machine user role request.

Type : object

UnassignServicePrincipalAzureCloudIdentityRequest

Request object for an unassign service principal Azure cloud identity request.

Name Description Schema

environmentCrn
required

The CRN of the environment for which the cloud identity to unassign is in effect.

string

servicePrincipal
required

The name of the service principal from which the cloud identity will be unassigned.

string

UnassignServicePrincipalAzureCloudIdentityResponse

Response object for an unassign service principal Azure cloud identity request.

Type : object

UnassignUserResourceRoleRequest

Request object for an unassign user role request.

Name Description Schema

resourceCrn
required

The CRN of the resource for which the resource role rights will be unassigned.

string

resourceRoleCrn
required

The CRN of the resource role to unassigned from the user.

string

user
required

The user to unassign the resource role from.

string

UnassignUserResourceRoleResponse

Response object for an unassign user role request.

Type : object

UnassignUserRoleRequest

Request object for an unassign user role request.

Name Description Schema

role
required

The role to unassigned from the user. Can be the role’s CRN or name.

string

user
required

The user to unassigned the roles from. Can be the user CRN or id.

string

UnassignUserRoleResponse

Response object for an unassign user role request.

Type : object

UnlockMachineUserInControlPlaneRequest

Request object for unlocking the machine user in the control plane.

Name Description Schema

machineUser
required

The name or CRN of the machine user to be unlocked in the CDP control plane.

string

UnlockMachineUserInControlPlaneResponse

Response object for unlocking the machine user in the CDP control plane.

Name Description Schema

machineUser
required

The unlocked machine user.

UnlockUserInControlPlaneRequest

Request object for unlocking the user in the CDP control plane.

Name Description Schema

user
required

The ID or CRN of the user to be unlocked in the CDP control plane.

string

UnlockUserInControlPlaneResponse

Response object for unlocking the user in the CDP control plane.

Name Description Schema

user
required

The unlocked user.

UnsetWorkloadPasswordMinLifetimeRequest

Request object for a unset workload password min lifetime request.

Name Description Schema

actorCrn
required

The CRN of the actor for whom to unset the workload password minimum lifetime date.

string

UnsetWorkloadPasswordMinLifetimeResponse

Response object for an unset workload password minimum lifetime request.

Type : object

UnsetWorkloadPasswordPolicyRequest

Request object for a unset workload password policy request.

Name Description Schema

unsetGlobalPasswordPolicy
optional

Whether to unset the global password policy. This will reset the global policy to its defaults.

boolean

unsetMachineUsersPasswordPolicy
optional

Whether to unset the machine user password policy, if one exists.

boolean

UnsetWorkloadPasswordPolicyResponse

Response object for a unset workload password policy request.

Type : object

UpdateAccessKeyRequest

Request object for an update access key request.

Name Description Schema

accessKeyId
required

The ID of the access key to update.

string

status
required

The status to assign to the access key.

enum (ACTIVE, INACTIVE)

UpdateAccessKeyResponse

Response object for an update access key request.

Name Description Schema

accessKey
required

The access key that was updated.

UpdateGroupRequest

Request object for update group request.

Name Description Schema

groupName
required

The name or CRN of the group to update.

string

syncMembershipOnUserLogin
optional

Whether group membership is synced when a user logs in. Can be omitted if no update is required.

boolean

UpdateGroupResponse

Response object for update group request.

Name Description Schema

group
required

Information about the updated group.

UpdateSamlProviderRequest

Request object for an updating SAML provider request.

Name Description Schema

enableScim
optional

Whether to enable SCIM on this SAML provider. System for Cross-domain Identity Management (SCIM) version 2.0 is a standard for automating the provisioning of user and group identity information from identity provider to CDP. It is not supported for Cloudera for Government.

boolean

generateWorkloadUsernameByEmail
optional

Whether to generate users' workload username by email. The default is to generate workload usernames by identity provider user ID (SAML NameID).

boolean

samlMetadataDocument
optional

SAML metadata document XML file. Length of meta data document cannot be more than 200 KB (200,000 bytes). Can be omitted if no update is required.
Maximal length : 200000

string

samlProviderName
required

The name or CRN of SAML provider to update.

string

syncGroupsOnLogin
optional

Whether to sync group information for users federated with this SAML provider. Group membership can be passed using the https://cdp.cloudera.com/SAML/Attributes/groups SAML assertion. The default is to synchronize group membership. Can be omitted if no update is required.

boolean

UpdateSamlProviderResponse

Response object for an updating SAML provider request.

Name Description Schema

samlProvider
required

The SAML provider.

UpdateUserRequest

Request object to update a user.

Name Description Schema

active
optional

The active state to which to set the user. When it is 'true', the user will be activated. When it is 'false' the user will be deactivated.

boolean

user
required

The CRN or userId of the user to be updated.

string

UpdateUserResponse

Response object to update a user.

Name Description Schema

user
required

Information about the updated user.

User

Information about a Cloudera CDP user.

Name Description Schema

accountAdmin
required

Whether the user is an administrator of their CDP account.

boolean

azureCloudIdentities
optional

The list of Azure cloud identities assigned to the user.

< AzureCloudIdentity > array

creationDate
required

The date when this user record was created.

string (date-time)

crn
required

The CRN of the user.

string

email
required

The user’s email address.

string

firstName
required

The user’s first name.

string

identityProviderCrn
required

The identity provider that the user belongs to. It can be "Cloudera-Default", "Cloudera-Administration", or a customer defined IdP.

string

lastInteractiveLogin
optional

The date of the user’s last interactive login.

string (date-time)

lastName
required

The user’s last name.

string

status
optional

The current status of the user. The possible status values are ACTIVE, CONTROL_PLANE_LOCKED_OUT, and DEACTIVATED. ACTIVE indicates that the user is active in CDP. An active user can authenticate to the CDP control plane and workload clusters. CONTROL_PLANE_LOCKED_OUT indicates that the user is locked out of the CDP control plane. The locked-out user can no longer authenticate to the control plane but can authenticate to the workload clusters. DEACTIVATED indicates that the user is deactivated in CDP. A deactivated user can neither authenticate to the control plane nor to the workload clusters. Note that more statuses could be added in the future. The statuses other than ACTIVE are only returned on Cloudera for Government.

string

userId
required

The stable, unique identifier of the user.

string

workloadPasswordDetails
optional

Information about the workload password for the user.

workloadUsername
optional

The username used in all the workload clusters of the user.

string

WorkloadName

The workload name.

Type : enum (DE, DF, OPDB)

WorkloadPasswordDetails

Information about the workload password for a user or machine user.

Name Description Schema

isPasswordSet
required

Whether a workload password is set.

boolean

passwordExpirationDate
optional

The date at which the workload password will expire.

string (date-time)

passwordMinLifetimeDate
optional

The minimum lifetime date of the workload password. A new password can’t be set until this date.

string (date-time)

WorkloadPasswordPolicy

Information about the workload password policy for an account.

Name Description Schema

maxPasswordLifetimeDays
required

The maximum lifetime, in days, of the password. If '0' passwords never expire.

integer (int32)

minPasswordLength
required

The minimum length of a password.

integer (int32)

minPasswordLifetimeDays
required

The minimum lifetime of passwords, in days. The password must be used for this duration before it can be changed. If set to '0' the password may be changed any time. The default is 0.

integer (int32)

mustIncludeLowerCaseCharacters
required

Whether passwords must include lower case characters.

boolean

mustIncludeNumbers
required

Whether passwords must include numbers.

boolean

mustIncludeSymbols
required

Whether passwords must include symbols. The symbols are '#', '&', '*', '$', '%', '@', '^', '.', '_', and '!'.

boolean

mustIncludeUpperCaseCharacters
required

Whether passwords must include upper case characters.

boolean

passwordHistorySize
required

The number of previous passwords that should be remembered. The user or machine user is prevented from reusing these passwords. Can be any number between 0 and 20. The default is 0, this value means all previous passwords may be reused.

integer (int32)


Copyright © 2024 Cloudera, Inc. All rights reserved.