Overview
Cloudera CDP IAM is a web service that you can use to manage users and user permissions under your CDP account.
Version information
Version : 0.9.126 (BETA)
License information
License : Apache 2.0
Terms of service : https://www.cloudera.com/legal/commercial-terms-and-conditions.html
URI scheme
Schemes : HTTPS
Consumes
-
application/json
Produces
-
application/json
Paths
Add a machine user to group.
POST /iam/addMachineUserToGroup
Description
Add a machine user to a group.
Parameters
| Type | Name | Schema |
|---|---|---|
Body |
input |
Responses
| HTTP Code | Description | Schema |
|---|---|---|
200 |
Expected response to a valid request. |
|
default |
The default response on an error. |
Adds an SSH public key for an actor.
POST /iam/addSshPublicKey
Description
Adds an SSH public key for an actor. The private key that corresponds to this public key can be used to SSH into any workload cluster that the actor is authorized to use.
Parameters
| Type | Name | Schema |
|---|---|---|
Body |
input |
Responses
| HTTP Code | Description | Schema |
|---|---|---|
200 |
Expected response to a valid request. |
|
default |
The default response on an error. |
Add a user to a group.
POST /iam/addUserToGroup
Description
Add a user to group.
Parameters
| Type | Name | Schema |
|---|---|---|
Body |
input |
Responses
| HTTP Code | Description | Schema |
|---|---|---|
200 |
Expected response to a valid request. |
|
default |
The default response on an error. |
Assign an Azure cloud identity to an actor or group.
POST /iam/assignAzureCloudIdentity
Description
Assign an Azure cloud identity, i.e. an object ID (OID), to an actor or group.
Parameters
| Type | Name | Schema |
|---|---|---|
Body |
input |
Responses
| HTTP Code | Description | Schema |
|---|---|---|
200 |
Expected response to a valid request. |
|
default |
The default response on an error. |
Assign a resource role to a group.
POST /iam/assignGroupResourceRole
Description
Assign a resource role to a group. If the resource role is already assigned to the group the request will fail.
Parameters
| Type | Name | Schema |
|---|---|---|
Body |
input |
Responses
| HTTP Code | Description | Schema |
|---|---|---|
200 |
Expected response to a valid request. |
|
default |
The default response on an error. |
Assign a role to a group.
POST /iam/assignGroupRole
Description
Assign a role to a group. If the role is already assigned to the group the request will fail.
Parameters
| Type | Name | Schema |
|---|---|---|
Body |
input |
Responses
| HTTP Code | Description | Schema |
|---|---|---|
200 |
Expected response to a valid request. |
|
default |
The default response on an error. |
Assign a resource role to a machine user.
POST /iam/assignMachineUserResourceRole
Description
Assign a resource role to a machine user. If the resource role is already assigned to the machine user the request will fail.
Parameters
| Type | Name | Schema |
|---|---|---|
Body |
input |
Responses
| HTTP Code | Description | Schema |
|---|---|---|
200 |
Expected response to a valid request. |
|
default |
The default response on an error. |
Assign a role to a machine user.
POST /iam/assignMachineUserRole
Description
Assign a role to a machine user. If the role is already assigned to the machine user the request will fail.
Parameters
| Type | Name | Schema |
|---|---|---|
Body |
input |
Responses
| HTTP Code | Description | Schema |
|---|---|---|
200 |
Expected response to a valid request. |
|
default |
The default response on an error. |
Assign an Azure cloud identity to a service principal.
POST /iam/assignServicePrincipalAzureCloudIdentity
Description
Assign an Azure cloud identity, i.e. an object ID (OID), to a service principal.
Parameters
| Type | Name | Schema |
|---|---|---|
Body |
input |
Responses
| HTTP Code | Description | Schema |
|---|---|---|
200 |
Expected response to a valid request. |
|
default |
The default response on an error. |
Assign a resource role to a user.
POST /iam/assignUserResourceRole
Description
Assign a resource role to a user. If the resource role is already assigned to the user the request will fail.
Parameters
| Type | Name | Schema |
|---|---|---|
Body |
input |
Responses
| HTTP Code | Description | Schema |
|---|---|---|
200 |
Expected response to a valid request. |
|
default |
The default response on an error. |
Assign a role to a user.
POST /iam/assignUserRole
Description
Assign a role to a user. If the role is already assigned to the user the request will fail.
Parameters
| Type | Name | Schema |
|---|---|---|
Body |
input |
Responses
| HTTP Code | Description | Schema |
|---|---|---|
200 |
Expected response to a valid request. |
|
default |
The default response on an error. |
Create a group.
POST /iam/createGroup
Description
Create a group. A group is a named collection of users and machine users. Roles and resource roles can be assigned to a group impacting all members of the group.
Parameters
| Type | Name | Schema |
|---|---|---|
Body |
input |
Responses
| HTTP Code | Description | Schema |
|---|---|---|
200 |
Expected response to a valid request. |
|
default |
The default response on an error. |
Create a machine user.
POST /iam/createMachineUser
Description
Creates a machine user in the account. A machine user can be used to access CDP API. A machine user can have access keys associated with it and can be assigned roles and resource roles. A machine user cannot login to the CDP console.
Parameters
| Type | Name | Schema |
|---|---|---|
Body |
input |
Responses
| HTTP Code | Description | Schema |
|---|---|---|
200 |
Expected response to a valid request. |
|
default |
The default response on an error. |
Creates a new access key for a machine user.
POST /iam/createMachineUserAccessKey
Description
Creates a new access key for a machine user.
Parameters
| Type | Name | Schema |
|---|---|---|
Body |
input |
Responses
| HTTP Code | Description | Schema |
|---|---|---|
200 |
Expected response to a valid request. |
|
default |
The default response on an error. |
Creates a SAML provider in CDP.
POST /iam/createSamlProvider
Description
Creates a SAML provider in CDP.
Parameters
| Type | Name | Schema |
|---|---|---|
Body |
input |
Responses
| HTTP Code | Description | Schema |
|---|---|---|
200 |
Expected response to a valid request. |
|
default |
The default response on an error. |
Creates a SCIM access token for a SCIM enabled identity provider.
POST /iam/createScimAccessToken
Description
Creates a SCIM access token for a SCIM enabled identity provider. This token is used to authenticate requests sent to the SCIM endpoints. This operation is not supported for Cloudera for Government.
Parameters
| Type | Name | Schema |
|---|---|---|
Body |
input |
Responses
| HTTP Code | Description | Schema |
|---|---|---|
200 |
Expected response to a valid request. |
|
default |
The default response on an error. |
Creates a user in CDP.
POST /iam/createUser
Description
Creates a user in CDP.
Parameters
| Type | Name | Schema |
|---|---|---|
Body |
input |
Responses
| HTTP Code | Description | Schema |
|---|---|---|
200 |
Expected response to a valid request. |
|
default |
The default response on an error. |
Creates a new access key for a user.
POST /iam/createUserAccessKey
Description
Creates a new access key for a user.
Parameters
| Type | Name | Schema |
|---|---|---|
Body |
input |
Responses
| HTTP Code | Description | Schema |
|---|---|---|
200 |
Expected response to a valid request. |
|
default |
The default response on an error. |
Deletes an access key.
POST /iam/deleteAccessKey
Description
Deletes an access key.
Parameters
| Type | Name | Schema |
|---|---|---|
Body |
input |
Responses
| HTTP Code | Description | Schema |
|---|---|---|
200 |
Expected response to a valid request. |
|
default |
The default response on an error. |
Delete a group.
POST /iam/deleteGroup
Description
Delete a group.
Parameters
| Type | Name | Schema |
|---|---|---|
Body |
input |
Responses
| HTTP Code | Description | Schema |
|---|---|---|
200 |
Expected response to a valid request. |
|
default |
The default response on an error. |
Delete a machine user.
POST /iam/deleteMachineUser
Description
Deletes a machine user. This includes deleting all associated access keys and unassigning all roles and resource roles assigned to the machine user. The machine user is also removed from all groups it belongs to. If the call succeeds the machine user will not be able to use any access keys to access the CDP control plane. Note that user-sync is not triggered yet by this call and the caller must trigger that to ensure that the machine user loses access to all environments as soon as possible.
Parameters
| Type | Name | Schema |
|---|---|---|
Body |
input |
Responses
| HTTP Code | Description | Schema |
|---|---|---|
200 |
Expected response to a valid request. |
|
default |
The default response on an error. |
Deletes a SAML provider in CDP account.
POST /iam/deleteSamlProvider
Description
Deletes a SAML provider in CDP account.
Parameters
| Type | Name | Schema |
|---|---|---|
Body |
input |
Responses
| HTTP Code | Description | Schema |
|---|---|---|
200 |
Expected response to a valid request. |
|
default |
The default response on an error. |
Deletes a SCIM access token.
POST /iam/deleteScimAccessToken
Description
Deletes a SCIM access token. This operation is not supported for Cloudera for Government.
Parameters
| Type | Name | Schema |
|---|---|---|
Body |
input |
Responses
| HTTP Code | Description | Schema |
|---|---|---|
200 |
Expected response to a valid request. |
|
default |
The default response on an error. |
Deletes an SSH public key for an actor.
POST /iam/deleteSshPublicKey
Description
Delete an SSH public key for an actor.
Parameters
| Type | Name | Schema |
|---|---|---|
Body |
input |
Responses
| HTTP Code | Description | Schema |
|---|---|---|
200 |
Expected response to a valid request. |
|
default |
The default response on an error. |
Deletes a user and all associated resources.
POST /iam/deleteUser
Description
Deletes a user. This includes deleting all associated access keys and unassigning all roles and resource roles assigned to the user. The user is also removed from all groups it belongs to. If the call succeeds the user will not be able to login interactively, or use any access keys to access the CDP control plane. This feature is under development and some resources may be left behind after a successful call. Note that user-sync is not triggered yet by this call and the caller must trigger that to ensure that the user loses access to all environments as soon as possible.
Parameters
| Type | Name | Schema |
|---|---|---|
Body |
input |
Responses
| HTTP Code | Description | Schema |
|---|---|---|
200 |
Expected response to a valid request. |
|
default |
The default response on an error. |
Describes one SAML provider.
POST /iam/describeSamlProvider
Description
Describes one SAML provider.
Parameters
| Type | Name | Schema |
|---|---|---|
Body |
input |
Responses
| HTTP Code | Description | Schema |
|---|---|---|
200 |
Expected response to a valid request. |
|
default |
The default response on an error. |
Describes an SSH public key for an actor.
POST /iam/describeSshPublicKey
Description
Describe an SSH public key for an actor.
Parameters
| Type | Name | Schema |
|---|---|---|
Body |
input |
Responses
| HTTP Code | Description | Schema |
|---|---|---|
200 |
Expected response to a valid request. |
|
default |
The default response on an error. |
Disables interactive login using Cloudera SSO for this account.
POST /iam/disableClouderaSSOLogin
Description
Disables interactive login using Cloudera SSO for this account. When disabled, only users who are designated account administrators will be able to use Cloudera SSO to interactively login to the CDP account. All other users will only be able to interactively login using SAML providers defined for the account. This is a no-op if login using Cloudera SSO are already disabled.
Parameters
| Type | Name | Schema |
|---|---|---|
Body |
input |
Responses
| HTTP Code | Description | Schema |
|---|---|---|
200 |
Expected response to a valid request. |
|
default |
The default response on an error. |
Enables interactive login using Cloudera SSO for this account.
POST /iam/enableClouderaSSOLogin
Description
Enables interactive login using Cloudera SSO for this account. This is a no-op if login using Cloudera SSO are already enabled.
Parameters
| Type | Name | Schema |
|---|---|---|
Body |
input |
Responses
| HTTP Code | Description | Schema |
|---|---|---|
200 |
Expected response to a valid request. |
|
default |
The default response on an error. |
Generates an authentication token for workload APIs.
POST /iam/generateWorkloadAuthToken
Description
Generates an authentication token which is required for sending requests to workload APIs.
Parameters
| Type | Name | Schema |
|---|---|---|
Body |
input |
Responses
| HTTP Code | Description | Schema |
|---|---|---|
200 |
Expected response to a valid request. |
|
default |
The default response on an error. |
Gets information on an access key.
POST /iam/getAccessKey
Description
Gets information on an access key. If no access key ID is specified. Information on the access key used to make the request is returned.
Parameters
| Type | Name | Schema |
|---|---|---|
Body |
input |
Responses
| HTTP Code | Description | Schema |
|---|---|---|
200 |
Expected response to a valid request. |
|
default |
The default response on an error. |
Retrieves information about the CDP account.
POST /iam/getAccount
Description
Retrieves information about the CDP account.
Parameters
| Type | Name | Schema |
|---|---|---|
Body |
input |
Responses
| HTTP Code | Description | Schema |
|---|---|---|
200 |
Expected response to a valid request. |
|
default |
The default response on an error. |
Get account messages.
POST /iam/getAccountMessages
Description
Get account messages.
Parameters
| Type | Name | Schema |
|---|---|---|
Body |
input |
Responses
| HTTP Code | Description | Schema |
|---|---|---|
200 |
Expected response to a valid request. |
|
default |
The default response on an error. |
Retrieves the CRN of the default identity provider.
POST /iam/getDefaultIdentityProvider
Description
Retrieves the CRN of the default identity provider used for CDP initiated login requests.
Parameters
| Type | Name | Schema |
|---|---|---|
Body |
input |
Responses
| HTTP Code | Description | Schema |
|---|---|---|
200 |
Expected response to a valid request. |
|
default |
The default response on an error. |
Gets information on a user.
POST /iam/getUser
Description
Gets information on a user. If no user name is specified. The user name is determined from the access key used to make the request.
Parameters
| Type | Name | Schema |
|---|---|---|
Body |
input |
Responses
| HTTP Code | Description | Schema |
|---|---|---|
200 |
Expected response to a valid request. |
|
default |
The default response on an error. |
Lists access keys.
POST /iam/listAccessKeys
Description
Lists access keys.
Parameters
| Type | Name | Schema |
|---|---|---|
Body |
input |
Responses
| HTTP Code | Description | Schema |
|---|---|---|
200 |
Expected response to a valid request. |
|
default |
The default response on an error. |
Lists a group’s assigned resource roles.
POST /iam/listGroupAssignedResourceRoles
Description
Lists a group’s assigned resource roles.
Parameters
| Type | Name | Schema |
|---|---|---|
Body |
input |
Responses
| HTTP Code | Description | Schema |
|---|---|---|
200 |
Expected response to a valid request. |
|
default |
The default response on an error. |
Lists the group’s assigned roles.
POST /iam/listGroupAssignedRoles
Description
Lists the group’s assigned roles.
Parameters
| Type | Name | Schema |
|---|---|---|
Body |
input |
Responses
| HTTP Code | Description | Schema |
|---|---|---|
200 |
Expected response to a valid request. |
|
default |
The default response on an error. |
List the members of a group.
POST /iam/listGroupMembers
Description
List the members of a group.
Parameters
| Type | Name | Schema |
|---|---|---|
Body |
input |
Responses
| HTTP Code | Description | Schema |
|---|---|---|
200 |
Expected response to a valid request. |
|
default |
The default response on an error. |
Lists groups.
POST /iam/listGroups
Description
Lists groups. If no group names are specified, the call lists all groups.
Parameters
| Type | Name | Schema |
|---|---|---|
Body |
input |
Responses
| HTTP Code | Description | Schema |
|---|---|---|
200 |
Expected response to a valid request. |
|
default |
The default response on an error. |
List the groups that the machine user belongs to.
POST /iam/listGroupsForMachineUser
Description
List the groups that the machine user belongs to.
Parameters
| Type | Name | Schema |
|---|---|---|
Body |
input |
Responses
| HTTP Code | Description | Schema |
|---|---|---|
200 |
Expected response to a valid request. |
|
default |
The default response on an error. |
List the groups that the user belongs to.
POST /iam/listGroupsForUser
Description
List the groups that the user belongs to.
Parameters
| Type | Name | Schema |
|---|---|---|
Body |
input |
Responses
| HTTP Code | Description | Schema |
|---|---|---|
200 |
Expected response to a valid request. |
|
default |
The default response on an error. |
Lists a machine user’s assigned resource roles.
POST /iam/listMachineUserAssignedResourceRoles
Description
Lists a machine user’s assigned resource roles.
Parameters
| Type | Name | Schema |
|---|---|---|
Body |
input |
Responses
| HTTP Code | Description | Schema |
|---|---|---|
200 |
Expected response to a valid request. |
|
default |
The default response on an error. |
Lists the machine user’s assigned roles.
POST /iam/listMachineUserAssignedRoles
Description
Lists the machine user’s assigned roles.
Parameters
| Type | Name | Schema |
|---|---|---|
Body |
input |
Responses
| HTTP Code | Description | Schema |
|---|---|---|
200 |
Expected response to a valid request. |
|
default |
The default response on an error. |
Lists machine users.
POST /iam/listMachineUsers
Description
Lists machine users in the account.
Parameters
| Type | Name | Schema |
|---|---|---|
Body |
input |
Responses
| HTTP Code | Description | Schema |
|---|---|---|
200 |
Expected response to a valid request. |
|
default |
The default response on an error. |
List the resource assignees and their respective resource roles for the resource.
POST /iam/listResourceAssignees
Description
List the resource assignees and their respective resource roles for the resource.
Parameters
| Type | Name | Schema |
|---|---|---|
Body |
input |
Responses
| HTTP Code | Description | Schema |
|---|---|---|
200 |
Expected response to a valid request. |
|
default |
The default response on an error. |
Lists all the available resource roles.
POST /iam/listResourceRoles
Description
Lists all the available resource roles. Resource roles grant rights over certain resources.
Parameters
| Type | Name | Schema |
|---|---|---|
Body |
input |
Responses
| HTTP Code | Description | Schema |
|---|---|---|
200 |
Expected response to a valid request. |
|
default |
The default response on an error. |
Lists all the available roles.
POST /iam/listRoles
Description
Lists all the available roles. Roles grant rights to users via policies that are attached to the roles.
Parameters
| Type | Name | Schema |
|---|---|---|
Body |
input |
Responses
| HTTP Code | Description | Schema |
|---|---|---|
200 |
Expected response to a valid request. |
|
default |
The default response on an error. |
Lists SAML providers in CDP account.
POST /iam/listSamlProviders
Description
Lists SAML providers in CDP account.
Parameters
| Type | Name | Schema |
|---|---|---|
Body |
input |
Responses
| HTTP Code | Description | Schema |
|---|---|---|
200 |
Expected response to a valid request. |
|
default |
The default response on an error. |
Lists SCIM access tokens for a SCIM enabled identity provider.
POST /iam/listScimAccessTokens
Description
Lists SCIM access tokens for a SCIM enabled identity provider. These access tokens are used to authenticate requests sent to the SCIM endpoints. This operation is not supported for Cloudera for Government.
Parameters
| Type | Name | Schema |
|---|---|---|
Body |
input |
Responses
| HTTP Code | Description | Schema |
|---|---|---|
200 |
Expected response to a valid request. |
|
default |
The default response on an error. |
List cloud identity mappings for service principals.
POST /iam/listServicePrincipalCloudIdentities
Description
List cloud identity mappings for service principals.
Parameters
| Type | Name | Schema |
|---|---|---|
Body |
input |
Responses
| HTTP Code | Description | Schema |
|---|---|---|
200 |
Expected response to a valid request. |
|
default |
The default response on an error. |
Lists SSH public keys for an actor.
POST /iam/listSshPublicKeys
Description
Lists SSH public keys for an actor.
Parameters
| Type | Name | Schema |
|---|---|---|
Body |
input |
Responses
| HTTP Code | Description | Schema |
|---|---|---|
200 |
Expected response to a valid request. |
|
default |
The default response on an error. |
Lists a user’s assigned resource roles.
POST /iam/listUserAssignedResourceRoles
Description
Lists a user’s assigned resource roles.
Parameters
| Type | Name | Schema |
|---|---|---|
Body |
input |
Responses
| HTTP Code | Description | Schema |
|---|---|---|
200 |
Expected response to a valid request. |
|
default |
The default response on an error. |
Lists the user’s assigned roles.
POST /iam/listUserAssignedRoles
Description
Lists the user’s assigned roles.
Parameters
| Type | Name | Schema |
|---|---|---|
Body |
input |
Responses
| HTTP Code | Description | Schema |
|---|---|---|
200 |
Expected response to a valid request. |
|
default |
The default response on an error. |
Lists users.
POST /iam/listUsers
Description
Lists users.
Parameters
| Type | Name | Schema |
|---|---|---|
Body |
input |
Responses
| HTTP Code | Description | Schema |
|---|---|---|
200 |
Expected response to a valid request. |
|
default |
The default response on an error. |
Remove a machine user from a group.
POST /iam/removeMachineUserFromGroup
Description
Remove a machine user from a group.
Parameters
| Type | Name | Schema |
|---|---|---|
Body |
input |
Responses
| HTTP Code | Description | Schema |
|---|---|---|
200 |
Expected response to a valid request. |
|
default |
The default response on an error. |
Remove a user from a group.
POST /iam/removeUserFromGroup
Description
Remove a user from a group.
Parameters
| Type | Name | Schema |
|---|---|---|
Body |
input |
Responses
| HTTP Code | Description | Schema |
|---|---|---|
200 |
Expected response to a valid request. |
|
default |
The default response on an error. |
Set messages for an account.
POST /iam/setAccountMessages
Description
Set messages for an account.
Parameters
| Type | Name | Schema |
|---|---|---|
Body |
input |
Responses
| HTTP Code | Description | Schema |
|---|---|---|
200 |
Expected response to a valid request. |
|
default |
The default response on an error. |
Set the authentication policy for the account.
POST /iam/setAuthenticationPolicy
Description
Set the authentication policy for the account. Any parameters not specified in the request will be cleared, and their default values will be used for authentication. Changes to the authentication policy only affect authentications that are done after the policy has been updated.
Parameters
| Type | Name | Schema |
|---|---|---|
Body |
input |
Responses
| HTTP Code | Description | Schema |
|---|---|---|
200 |
Expected response to a valid request. |
|
default |
The default response on an error. |
Sets the default identity provider.
POST /iam/setDefaultIdentityProvider
Description
Sets the default identity provider used for CDP initiated login requests.
Parameters
| Type | Name | Schema |
|---|---|---|
Body |
input |
Responses
| HTTP Code | Description | Schema |
|---|---|---|
200 |
Expected response to a valid request. |
|
default |
The default response on an error. |
Set the workload password for an actor.
POST /iam/setWorkloadPassword
Description
Set the workload password for an actor. This will be the actor’s password in all Environments they have access to, including Environments they are given access to after setting the password. The password plaintext is not kept.
Parameters
| Type | Name | Schema |
|---|---|---|
Body |
input |
Responses
| HTTP Code | Description | Schema |
|---|---|---|
200 |
Expected response to a valid request. |
|
default |
The default response on an error. |
Set the workload password policy for the account.
POST /iam/setWorkloadPasswordPolicy
Description
Set the workload password for the account. Changes to the workload password policy only affect passwords that are set after the policy has been updated. By default, passwords never expire.
Parameters
| Type | Name | Schema |
|---|---|---|
Body |
input |
Responses
| HTTP Code | Description | Schema |
|---|---|---|
200 |
Expected response to a valid request. |
|
default |
The default response on an error. |
Unassign an Azure cloud identity from an actor or group.
POST /iam/unassignAzureCloudIdentity
Description
Unassign an Azure cloud identity, i.e. an object ID (OID), from an actor or group.
Parameters
| Type | Name | Schema |
|---|---|---|
Body |
input |
Responses
| HTTP Code | Description | Schema |
|---|---|---|
200 |
Expected response to a valid request. |
|
default |
The default response on an error. |
Unassign a resource role from a group.
POST /iam/unassignGroupResourceRole
Description
Unassign a resource role from a group. If the resource role is not currently assigned to the group the request will fail.
Parameters
| Type | Name | Schema |
|---|---|---|
Body |
input |
Responses
| HTTP Code | Description | Schema |
|---|---|---|
200 |
Expected response to a valid request. |
|
default |
The default response on an error. |
Unassign a role from a group.
POST /iam/unassignGroupRole
Description
Unassign a role from a group. If the role is not currently assigned to the group the request will fail.
Parameters
| Type | Name | Schema |
|---|---|---|
Body |
input |
Responses
| HTTP Code | Description | Schema |
|---|---|---|
200 |
Expected response to a valid request. |
|
default |
The default response on an error. |
Unassign a resource role from a machine user.
POST /iam/unassignMachineUserResourceRole
Description
Unassign a resource role from a machine user. If the resource role is not currently assigned to the machine user the request will fail.
Parameters
| Type | Name | Schema |
|---|---|---|
Body |
input |
Responses
| HTTP Code | Description | Schema |
|---|---|---|
200 |
Expected response to a valid request. |
|
default |
The default response on an error. |
Unassign a role from a machine user.
POST /iam/unassignMachineUserRole
Description
Unassign a role from a machine user. If the role is not currently assigned to the machine user the request will fail.
Parameters
| Type | Name | Schema |
|---|---|---|
Body |
input |
Responses
| HTTP Code | Description | Schema |
|---|---|---|
200 |
Expected response to a valid request. |
|
default |
The default response on an error. |
Unassign an Azure cloud identity from a service principal.
POST /iam/unassignServicePrincipalAzureCloudIdentity
Description
Unassign an Azure cloud identity, i.e. an object ID (OID), from a service principal.
Parameters
| Type | Name | Schema |
|---|---|---|
Body |
input |
Responses
| HTTP Code | Description | Schema |
|---|---|---|
200 |
Expected response to a valid request. |
|
default |
The default response on an error. |
Unassign a resource role from a user.
POST /iam/unassignUserResourceRole
Description
Unassign a resource role from a user. If the resource role is not currently assigned to the user the request will fail.
Parameters
| Type | Name | Schema |
|---|---|---|
Body |
input |
Responses
| HTTP Code | Description | Schema |
|---|---|---|
200 |
Expected response to a valid request. |
|
default |
The default response on an error. |
Unassign a role from a user.
POST /iam/unassignUserRole
Description
Unassign a role from a user. If the role is not currently assigned to the user the request will fail.
Parameters
| Type | Name | Schema |
|---|---|---|
Body |
input |
Responses
| HTTP Code | Description | Schema |
|---|---|---|
200 |
Expected response to a valid request. |
|
default |
The default response on an error. |
Unlocks machine user in the CDP control plane.
POST /iam/unlockMachineUserInControlPlane
Description
Unlocks machine user in the CDP control plane. This operation is idempotent. Unlocking an active machine user will succeed and leave the machine user active. This operation is only supported on Cloudera for Government.
Parameters
| Type | Name | Schema |
|---|---|---|
Body |
input |
Responses
| HTTP Code | Description | Schema |
|---|---|---|
200 |
Expected response to a valid request. |
|
default |
The default response on an error. |
Unlocks user in the CDP control plane.
POST /iam/unlockUserInControlPlane
Description
Unlocks user in the CDP control plane. This operation is idempotent. Unlocking an active user will succeed and leave the user active. This operation is only supported on Cloudera for Government.
Parameters
| Type | Name | Schema |
|---|---|---|
Body |
input |
Responses
| HTTP Code | Description | Schema |
|---|---|---|
200 |
Expected response to a valid request. |
|
default |
The default response on an error. |
Removes workload password minimum lifetime date for an actor.
POST /iam/unsetWorkloadPasswordMinLifetime
Description
Removes the workload password minimum lifetime date for an actor.
Parameters
| Type | Name | Schema |
|---|---|---|
Body |
input |
Responses
| HTTP Code | Description | Schema |
|---|---|---|
200 |
Expected response to a valid request. |
|
default |
The default response on an error. |
Unset workload password policy for the account.
POST /iam/unsetWorkloadPasswordPolicy
Description
Unset the workload password for the account. Changes to the workload password policy only affect passwords that are set after the policy has been updated.
Parameters
| Type | Name | Schema |
|---|---|---|
Body |
input |
Responses
| HTTP Code | Description | Schema |
|---|---|---|
200 |
Expected response to a valid request. |
|
default |
The default response on an error. |
Updates an access key.
POST /iam/updateAccessKey
Description
Updates an access key.
Parameters
| Type | Name | Schema |
|---|---|---|
Body |
input |
Responses
| HTTP Code | Description | Schema |
|---|---|---|
200 |
Expected response to a valid request. |
|
default |
The default response on an error. |
Update a group.
POST /iam/updateGroup
Description
Update a group.
Parameters
| Type | Name | Schema |
|---|---|---|
Body |
input |
Responses
| HTTP Code | Description | Schema |
|---|---|---|
200 |
Expected response to a valid request. |
|
default |
The default response on an error. |
Updates a SAML provider in CDP.
POST /iam/updateSamlProvider
Description
Updates a SAML provider in CDP.
Parameters
| Type | Name | Schema |
|---|---|---|
Body |
input |
Responses
| HTTP Code | Description | Schema |
|---|---|---|
200 |
Expected response to a valid request. |
|
default |
The default response on an error. |
Updates a user.
POST /iam/updateUser
Description
Updates a user. Updates request fields provided. An error is returned if no field updates are defined in the request.
Parameters
| Type | Name | Schema |
|---|---|---|
Body |
input |
Responses
| HTTP Code | Description | Schema |
|---|---|---|
200 |
Expected response to a valid request. |
|
default |
The default response on an error. |
Definitions
AccessKey
Information about a Cloudera CDP access key.
| Name | Description | Schema |
|---|---|---|
accessKeyId |
The ID of the access key. |
string |
actorCrn |
The CRN of the actor with which this access key is associated. |
string |
creationDate |
The date when the access key was created. |
string (date-time) |
crn |
The CRN of the access key. |
string |
lastUsage |
Information on the last time this access key was used. |
|
status |
The status of an access key. |
enum (ACTIVE, INACTIVE) |
type |
The type of an access key. |
AccessKeyLastUsage
Information on the last time an access key was used.
| Name | Description | Schema |
|---|---|---|
lastUsageDate |
The date when the access key was last used. |
string (date-time) |
serviceName |
The name of the service with which this access key was most recently used. |
string |
AccessKeyType
The version of an access key. V1 - Deprecated, use RSA as the request signing algorithm. V2 - Use ED25519 as the request signing algorithm. V3 - Use ECDSA as the request signing algorithm. DEFAULT - Use the system default signing algorithm (V3 in GovCloud, V2 in other regions).
Type : enum (V1, V2, V3)
Account
Information about a Cloudera CDP account.
| Name | Description | Schema |
|---|---|---|
authenticationPolicy |
The authentication policy object. May be omitted if no such policy was defined. |
|
clouderaSSOAllLoginEnabled |
Whether login is enabled for Cloudera SSO users. It can only be set by Cloudera upon request and disables interactive login through Cloudera SSO. Note that restricting Cloudera SSO login will prevent account administrators from logging in interactively. Its default value is 'true'. When it is 'true', the Cloudera SSO interactive login behavior is controlled according to the existing |
boolean |
clouderaSSOLoginEnabled |
Whether interactive login using Cloudera SSO is enabled for users who are not account administrators. Its default value is 'true'. When it is 'true', the account administrators, as well as non-administrator users can login through Cloudera SSO. When it is 'false', Cloudera SSO users who are not account administrators will not be able to login. |
boolean |
machineUserWorkloadPasswordPolicy |
The machine user workload password policy object. May be omitted if no such policy was defined. |
|
workloadPasswordPolicy |
The workload password policy object. |
AddMachineUserToGroupRequest
Request object for an add machine user to group request.
| Name | Description | Schema |
|---|---|---|
groupName |
The name or CRN of the group to add the machine user to. |
string |
machineUserName |
The name or CRN of the machine user to add to the group. |
string |
AddMachineUserToGroupResponse
Response object for add machine user to group request.
Type : object
AddSshPublicKeyRequest
Request object for add user ssh public key.
| Name | Description | Schema |
|---|---|---|
actorCrn |
The CRN of the user or machine user for whom the SSH public key will be added. If it is not included, it defaults to the user making the request. |
string |
description |
An optional description for the public key. |
string |
publicKey |
The RSA or ED25519 public ssh key to add. DSA and ECDSA public keys are not supported. The public key should be in RFC4253 format. (e.g. ssh-rsa AAAAB3NzaC1yc2EAAA.. user@host) as produced, for example, by ssh-keygen. |
string |
AddSshPublicKeyResponse
Response object for add ssh public key.
| Name | Description | Schema |
|---|---|---|
sshPublicKey |
Information about the SSH public key. |
AddUserToGroupRequest
Request object for an add user to group request.
| Name | Description | Schema |
|---|---|---|
groupName |
The name or CRN of the group to add the user to. |
string |
userId |
The ID or CRN of the user to add to the group. |
string |
AddUserToGroupResponse
Response object for an add user to group request.
Type : object
AssignAzureCloudIdentityRequest
Request object for an assign Azure cloud identity request.
| Name | Description | Schema |
|---|---|---|
assigneeCrn |
The CRN of the actor or group that the cloud identity will be assigned to. |
string |
objectId |
The Azure object ID (OID) to assign to the actor or group. |
string |
AssignAzureCloudIdentityResponse
Response object for an assign Azure cloud identity request.
Type : object
AssignGroupResourceRoleRequest
Request object for an assign group resource role request.
| Name | Description | Schema |
|---|---|---|
groupName |
The group to assign the resource role to. Can be the group’s name or CRN. |
string |
resourceCrn |
The resource for which the resource role rights are granted. |
string |
resourceRoleCrn |
The CRN of the resource role being assigned to the group. |
string |
AssignGroupResourceRoleResponse
Response object for an assign group resource role request.
Type : object
AssignGroupRoleRequest
Request object for an assign group role request.
| Name | Description | Schema |
|---|---|---|
groupName |
The group to which the role is assigned to. Can be the group name or CRN. |
string |
role |
The role being assigned to the group. Can be the role’s CRN or name. |
string |
AssignGroupRoleResponse
Response object for an assign group role request.
Type : object
AssignMachineUserResourceRoleRequest
Request object for an assign machine user resource role request.
| Name | Description | Schema |
|---|---|---|
machineUserName |
The machine user to assign the resource role to. Can be the machine user’s name or CRN. |
string |
resourceCrn |
The resource for which the resource role rights are granted. |
string |
resourceRoleCrn |
The CRN of the resource role to assign to the machine user. |
string |
AssignMachineUserResourceRoleResponse
Response object for an assign machine user resource role request.
Type : object
AssignMachineUserRoleRequest
Request object for an assign machine user role request.
| Name | Description | Schema |
|---|---|---|
machineUserName |
The machine user the role is assigned to. Can be the machine user’s name or CRN. |
string |
role |
The role to assign to the machine user. Can be the role’s name or CRN. |
string |
AssignMachineUserRoleResponse
Response object for an assign machine user role request.
Type : object
AssignServicePrincipalAzureCloudIdentityRequest
Request object for an assign service principal Azure cloud identity request.
| Name | Description | Schema |
|---|---|---|
environmentCrn |
The CRN of the environment for which the cloud identity assignment will be in effect. |
string |
objectId |
The Azure object ID (OID) to assign to the service principal. |
string |
servicePrincipal |
The name of the service principal that the cloud identity will be assigned to. |
string |
AssignServicePrincipalAzureCloudIdentityResponse
Response object for an assign service principal Azure cloud identity request.
Type : object
AssignUserResourceRoleRequest
Request object for an assign user resource role request.
| Name | Description | Schema |
|---|---|---|
resourceCrn |
The resource for which the resource role rights are granted. |
string |
resourceRoleCrn |
The CRN of the resource role to assign to the user. |
string |
user |
The user to assign the resource role to. Can be the user’s CRN or id. |
string |
AssignUserResourceRoleResponse
Response object for an assign user resource role request.
Type : object
AssignUserRoleRequest
Request object for an assign user role request.
| Name | Description | Schema |
|---|---|---|
role |
The role to assign to the user. Can be the role’s CRN or name. |
string |
user |
The user the role is assigned to. Can be the user’s CRN or id. |
string |
AssignUserRoleResponse
Response object for an assign user role request.
Type : object
AuthenticationPolicy
Information about the authentication policy for an account.
| Name | Description | Schema |
|---|---|---|
accessKeyExpirationSec |
The expiration, in seconds, of the access key. The value of '0' indicates the system default expiration (which is 12 hours). |
integer (int32) |
accessKeyInactivityDurationSec |
The inactivity duration, in seconds, of the access key, which would invalidate the access key due to no activity. The value of '0' indicates default inactivity duration (which is 1 hour normally and 15 minutes for Cloudera for Government). There’s no access key invalidation from no activity if the value is greater or equal to expiration. |
integer (int32) |
clientIpAddressesAllowed |
The list of IP addresses and/or CIDRs used for allowing client access to the UI and API services. Both the allowed list and the blocked list will be used to determine whether to grant or block the client’s access. The blocked list takes precedence over the allowed list. When the list is empty or not set, client IP address will not be validated to be present in the allowed list. |
< string > array |
clientIpAddressesBlocked |
The list of IP addresses and/or CIDRs used for blocking client access to the UI and API services. Both the allowed list and the blocked list will be used to determine whether to grant or block the client’s access. The blocked list takes precedence over the allowed list. When the list is empty or not set, client IP address will not be validated to be absent from the blocked list. |
< string > array |
sessionTokenExpirationSec |
The expiration, in seconds, of the UI session token. The value of '0' indicates the system default expiration (which is 12 hours). |
integer (int32) |
sessionTokenInactivityDurationSec |
The inactivity duration, in seconds, of the UI session token, which would invalidate the session token due to no activity. The value of '0' indicates default inactivity duration (which is 1 hour normally and 15 minutes for Cloudera for Government). There’s no session token invalidation from no activity if the value is greater or equal to expiration. |
integer (int32) |
AzureCloudIdentity
An Azure cloud identity.
| Name | Description | Schema |
|---|---|---|
environmentCrn |
The CRN of the environment this Azure cloud identity is associated with. If omitted, this cloud identity is associated with all Azure environments. |
string |
objectId |
The Azure object ID (OID). |
string |
CreateGroupRequest
Request object for create group request.
| Name | Description | Schema |
|---|---|---|
groupName |
The name of the group. This name must be unique. There are certain restrictions on the group name. Refer to the How To > User Management section in the Management Console documentation for the details. |
string |
syncMembershipOnUserLogin |
Whether group membership is synced when a user logs in. The default is to sync group membership. |
boolean |
CreateGroupResponse
Response object for create group request.
| Name | Description | Schema |
|---|---|---|
group |
Information about the group. |
CreateMachineUserAccessKeyRequest
Request object for a create machine user access key request.
| Name | Description | Schema |
|---|---|---|
machineUserName |
The name or CRN of the machine user to whom this access key will be associated. |
string |
type |
The version of an access key to create. |
CreateMachineUserAccessKeyResponse
Response object for a create machine user access key request.
| Name | Description | Schema |
|---|---|---|
accessKey |
The access key that was created. |
|
privateKey |
The private key associated with this access key. This string is the contents of a PEM file containing a PKCS#8 private key. |
string |
CreateMachineUserRequest
Request object for create machine user request.
| Name | Description | Schema |
|---|---|---|
machineUserName |
The name to use for the new machine user. The name must be an alpha numeric string, including '-' and '', cannot start with '_' (double underscore) and cannot be longer than 128 characters. Only one machine user with this name can exist in an account at a given time. |
string |
CreateMachineUserResponse
Response object for create machine user request.
| Name | Description | Schema |
|---|---|---|
machineUser |
Information about the machine user. |
CreateSamlProviderRequest
Request object for creating SAML provider request.
| Name | Description | Schema |
|---|---|---|
enableScim |
Whether to enable SCIM on this SAML provider. System for Cross-domain Identity Management (SCIM) version 2.0 is a standard for automating the provisioning of user and group identity information from identity provider to CDP. It is not supported for Cloudera for Government. |
boolean |
generateWorkloadUsernameByEmail |
Whether to generate users' workload username by email . The default is to generate workload usernames by identity provider user ID (SAML NameID). |
boolean |
samlMetadataDocument |
SAML metadata document XML file. Length of meta data document cannot be more than 200 KB (200,000 bytes). |
string |
samlProviderName |
The name of SAML provider. The name must be unique, must have a maximum of 128 characters, and must contain only alphanumeric characters, "-" and "_". Names are are not case-sensitive. |
string |
syncGroupsOnLogin |
Whether to sync group information for users federated with this SAML provider. Group membership can be passed using the https://cdp.cloudera.com/SAML/Attributes/groups SAML assertion. The default is to synchronize group membership. |
boolean |
CreateSamlProviderResponse
Response object for a creating SAML provider request.
| Name | Description | Schema |
|---|---|---|
samlProvider |
The SAML provider. |
CreateScimAccessTokenRequest
Request object to create the SCIM access token.
| Name | Description | Schema |
|---|---|---|
accessTokenLifetimeDays |
The lifetime, in days, of the access token. |
integer (int32) |
identityProviderNameOrCrn |
The name or CRN of the SCIM enabled identity provider. |
string |
CreateScimAccessTokenResponse
Response object to create the SCIM access token.
| Name | Description | Schema |
|---|---|---|
accessToken |
The SCIM access token that was created. |
|
accessTokenSecret |
The SCIM access token secret. This secret could be used to authenticate requests sent to SCIM endpoints. |
string |
CreateUserAccessKeyRequest
Request object for a create user access key request.
| Name | Description | Schema |
|---|---|---|
type |
The version of an access key to create. |
|
user |
The ID or CRN of the user to whom this access key will be associated. If it is not included, it defaults to the user making the request. |
string |
CreateUserAccessKeyResponse
Response object for a create user access key request.
| Name | Description | Schema |
|---|---|---|
accessKey |
The access key that was created. |
|
privateKey |
The private key associated with this access key. This string is the contents of a PEM file containing a PKCS#8 private key. |
string |
CreateUserRequest
Request object for creating user request.
| Name | Description | Schema |
|---|---|---|
email |
The email address for the user. Used for display purposes only. |
string |
firstName |
The user first name. |
string |
groups |
The list of groups the user belongs to. The groups will be created if they do not exist. There are certain restrictions on the group name. Refer to the How To > User Management section in the Management Console documentation for the details. |
< string > array |
identityProviderUserId |
The identity provider user id for the user. This ID must match the NameId attribute value that will be passed for the user in the SAML response using the associated SAML provider. |
string |
lastName |
The user last name. |
string |
samlProviderName |
The name or CRN of the SAML provider the user will use for login. |
string |
CreateUserResponse
Response object for a create user request.
| Name | Description | Schema |
|---|---|---|
user |
Information about the user. |
DeleteAccessKeyRequest
Request object for a delete access key request.
| Name | Description | Schema |
|---|---|---|
accessKeyId |
The ID of the access key. |
string |
DeleteAccessKeyResponse
Response object for a delete access key request.
Type : object
DeleteGroupRequest
Request object for delete group request.
| Name | Description | Schema |
|---|---|---|
groupName |
The name or CRN of the group to delete. |
string |
DeleteGroupResponse
Response object for delete group request.
Type : object
DeleteMachineUserRequest
Request object for delete machine user request.
| Name | Description | Schema |
|---|---|---|
machineUserName |
The name or CRN of the machine user to delete. |
string |
DeleteMachineUserResponse
Response object for delete machine user request.
| Name | Description | Schema |
|---|---|---|
accessKeysDeleted |
The list of associated access key CRNs that were deleted. |
< string > array |
groupsModified |
The list of group CRNs from which the machine user has been removed. |
< string > array |
resourcesUnassigned |
The list of resource role assignments that have been unassigned from the machine user. |
< ResourceAssignment > array |
rolesUnassigned |
The list of role CRNs unassigned from the machine user. |
< string > array |
DeleteSamlProviderRequest
Request object for deleting SAML provider request.
| Name | Description | Schema |
|---|---|---|
samlProviderName |
The name or CRN of the SAML provider to delete. |
string |
DeleteSamlProviderResponse
Response object for delete SAML provider request.
Type : object
DeleteScimAccessTokenRequest
Request object to delete the SCIM access token.
| Name | Description | Schema |
|---|---|---|
accessTokenIdOrCrn |
The ID or CRN of the SCIM access token. |
string |
DeleteScimAccessTokenResponse
Response object to delete the SCIM access token.
Type : object
DeleteSshPublicKeyRequest
Request object for delete SSH public key.
| Name | Description | Schema |
|---|---|---|
actorCrn |
The CRN of the user or machine user that the SSH public key belongs to. If it is not included, it defaults to the actor making the request. |
string |
crnOrFingerprint |
The SSH public key CRN or the keys SHA256 fingerprint to remove. |
string |
DeleteSshPublicKeyResponse
Response object for delete SSH public key.
Type : object
DeleteUserRequest
Request object to delete a user.
| Name | Description | Schema |
|---|---|---|
userId |
The ID or CRN of the user to delete. |
string |
DeleteUserResponse
Response object to delete a user.
| Name | Description | Schema |
|---|---|---|
accessKeysDeleted |
The list of associated access key CRNs that were deleted. |
< string > array |
groupsModified |
The list of group CRNs from which the user has been removed. |
< string > array |
resourcesUnassigned |
The list of resource role assignments that have been unassigned from the user. |
< ResourceAssignment > array |
rolesUnassigned |
The list of role CRNs unassigned from the user. |
< string > array |
DescribeSamlProviderRequest
Request object for a describe SAML provider request.
| Name | Description | Schema |
|---|---|---|
samlProviderName |
The name or CRN of the SAML provider to describe. |
string |
DescribeSamlProviderResponse
Response object for a describe SAML request.
| Name | Description | Schema |
|---|---|---|
samlProvider |
The SAML provider. |
DescribeSshPublicKeyRequest
Request object for describe SSH public key.
| Name | Description | Schema |
|---|---|---|
actorCrn |
The CRN of the user or machine user that the SSH public key belongs to. If it is not included, it defaults to the actor making the request. |
string |
crnOrFingerprint |
The SSH public key CRN or its SHA256 fingerprint. |
string |
DescribeSshPublicKeyResponse
Response object for describe user SSH public key.
| Name | Description | Schema |
|---|---|---|
sshPublicKey |
Information about the SSH public key. |
DisableClouderaSSOLoginRequest
Request object for a disable Cloudera SSO login request.
Type : object
DisableClouderaSSOLoginResponse
Response object for a disable Cloudera SSO login request.
Type : object
EnableClouderaSSOLoginRequest
Request object for an enable Cloudera SSO login request.
Type : object
EnableClouderaSSOLoginResponse
Response object for an enable Cloudera SSO login request.
Type : object
Error
An object returned on an error.
| Name | Description | Schema |
|---|---|---|
code |
The error code. |
string |
message |
The error message. |
string |
GenerateWorkloadAuthTokenRequest
Request object for GenerateWorkloadAuthToken method.
| Name | Description | Schema |
|---|---|---|
environmentCrn |
The environment CRN, required by DF. |
string |
workloadName |
The workload name |
GenerateWorkloadAuthTokenResponse
Response object for GenerateWorkloadAuthToken method.
| Name | Description | Schema |
|---|---|---|
endpointUrl |
The workload endpoint URL |
string |
expireAt |
When the information should expire |
string (date-time) |
token |
The authentication token |
string |
GetAccessKeyRequest
Request object for a get access key request.
| Name | Description | Schema |
|---|---|---|
accessKeyId |
The ID of the access key to get information about. If it is not included, it defaults to the access key used to make the request. |
string |
GetAccessKeyResponse
Response object for a get access key request.
| Name | Description | Schema |
|---|---|---|
accessKey |
Information about the access key. |
GetAccountMessagesRequest
Request object for get account messages.
Type : object
GetAccountMessagesResponse
Response object for get account messages.
| Name | Description | Schema |
|---|---|---|
contactYourAdministratorMessage |
Message shown to user when user does not have sufficient rights. |
string |
GetAccountRequest
Request object for a get account request.
Type : object
GetAccountResponse
Response object for a get account response.
| Name | Description | Schema |
|---|---|---|
account |
The account object. |
GetDefaultIdentityProviderRequest
Request object to get the default identity provider.
Type : object
GetDefaultIdentityProviderResponse
Response object to get the default identity provider.
| Name | Description | Schema |
|---|---|---|
crn |
The CRN of the identity provider used for CDP initiated login requests. The CRN could be a user defined identity provider’s CRN or one of the CDP built-ins (like Cloudera SSO). To retrieve more information about your own user-defined saml providers (or other provider types, not the default ones) call the relevant describeXXXProvider, e.g. for SAML providers call describeSamlProvider. |
string |
GetUserRequest
Request object for a get user request.
| Name | Description | Schema |
|---|---|---|
userId |
The ID of the user to get information about. If it is not included, it defaults to the user making the request. |
string |
GetUserResponse
Response object for a get user request.
| Name | Description | Schema |
|---|---|---|
user |
Information about the user. |
Group
Information about a group.
| Name | Description | Schema |
|---|---|---|
azureCloudIdentities |
The list of Azure cloud identities assigned to the group. |
< AzureCloudIdentity > array |
creationDate |
The date when this group record was created. |
string (date-time) |
crn |
The CRN of the group. |
string |
groupName |
The group name. |
string |
syncMembershipOnUserLogin |
Whether group membership is synced when a user logs in. The default is to sync group membership. |
boolean |
ListAccessKeysRequest
Request object for a list access keys request.
| Name | Description | Schema |
|---|---|---|
accessKeyIds |
The access key IDs or CRNs of the access keys. |
< string > array |
pageSize |
The size of each page. |
integer (int32) |
startingToken |
A token to specify where to start paginating. This is the nextToken from a previously truncated response. |
string |
ListAccessKeysResponse
Response object for a list access keys request.
| Name | Description | Schema |
|---|---|---|
accessKeys |
The access keys. |
< AccessKey > array |
nextToken |
The token to use when requesting the next set of results. If not present, there are no additional results. |
string |
ListGroupAssignedResourceRolesRequest
Request object for a list group assigned resource roles request.
| Name | Description | Schema |
|---|---|---|
groupName |
The group to list the assigned resource roles for. Can be the group’s name or CRN. |
string |
pageSize |
The size of each page. |
integer (int32) |
startingToken |
A token to specify where to start paginating. This is the nextToken from a previously truncated response. |
string |
ListGroupAssignedResourceRolesResponse
Response object for a list group assigned resource roles request.
| Name | Description | Schema |
|---|---|---|
nextToken |
The token to use when requesting the next set of results. If not present, there are no additional results. |
string |
resourceAssignments |
The group’s resource assignments. |
< ResourceAssignment > array |
ListGroupAssignedRolesRequest
Request object for a list group assigned roles request.
| Name | Description | Schema |
|---|---|---|
groupName |
The group to list the assigned roles for. Can be the group’s name or CRN. |
string |
pageSize |
The size of each page. |
integer (int32) |
startingToken |
A token to specify where to start paginating. This is the nextToken from a previously truncated response. |
string |
ListGroupAssignedRolesResponse
Response object for a list group assigned roles request.
| Name | Description | Schema |
|---|---|---|
nextToken |
The token to use when requesting the next set of results. If not present, there are no additional results. |
string |
roleCrns |
The role CRNs assigned to the group. |
< string > array |
ListGroupMembersRequest
Request object for a list group members request.
| Name | Description | Schema |
|---|---|---|
groupName |
The name or CRN of the group to list the membership of. |
string |
pageSize |
The size of each page. |
integer (int32) |
startingToken |
A token to specify where to start paginating. This is the nextToken from a previously truncated response. |
string |
ListGroupMembersResponse
Response object for a list group members request.
| Name | Description | Schema |
|---|---|---|
memberCrns |
The list of group members. |
< string > array |
nextToken |
The token to use when requesting the next set of results. If not present, there are no additional results. |
string |
ListGroupsForMachineUserRequest
Request object for a list groups for machine user request.
| Name | Description | Schema |
|---|---|---|
machineUserName |
The name or CRN of the machine user to list the groups of. |
string |
pageSize |
The size of each page. |
integer (int32) |
startingToken |
A token to specify where to start paginating. This is the nextToken from a previously truncated response. |
string |
ListGroupsForMachineUserResponse
Response object for a list groups for machine user request.
| Name | Description | Schema |
|---|---|---|
groupCrns |
The list of groups. |
< string > array |
nextToken |
The token to use when requesting the next set of results. If not present, there are no additional results. |
string |
ListGroupsForUserRequest
Request object for a list groups for user request.
| Name | Description | Schema |
|---|---|---|
pageSize |
The size of each page. |
integer (int32) |
startingToken |
A token to specify where to start paginating. This is the nextToken from a previously truncated response. |
string |
userId |
The ID or CRN of the user to list the groups of. |
string |
ListGroupsForUserResponse
Response object for a list groups for user request.
| Name | Description | Schema |
|---|---|---|
groupCrns |
The list of groups. |
< string > array |
nextToken |
The token to use when requesting the next set of results. If not present, there are no additional results. |
string |
ListGroupsRequest
Request object for a list groups request.
| Name | Description | Schema |
|---|---|---|
groupNames |
The group names or CRNs of the groups. If not provided, all groups in the account are retrieved. |
< string > array |
pageSize |
The size of each page. |
integer (int32) |
startingToken |
A token to specify where to start paginating. This is the nextToken from a previously truncated response. |
string |
ListGroupsResponse
Response object for a list groups request.
| Name | Description | Schema |
|---|---|---|
groups |
The list of groups. |
< Group > array |
nextToken |
The token to use when requesting the next set of results. If not present, there are no additional results. |
string |
ListMachineUserAssignedResourceRolesRequest
Request object for a list machine user assigned resource roles request.
| Name | Description | Schema |
|---|---|---|
machineUserName |
The machine user to list the assigned resource roles for. Can be the machine user’s name or CRN. |
string |
pageSize |
The size of each page. |
integer (int32) |
startingToken |
A token to specify where to start paginating. This is the nextToken from a previously truncated response. |
string |
ListMachineUserAssignedResourceRolesResponse
Response object for a list machine user assigned roles request.
| Name | Description | Schema |
|---|---|---|
nextToken |
The token to use when requesting the next set of results. If not present, there are no additional results. |
string |
resourceAssignments |
The user’s resource assignments. |
< ResourceAssignment > array |
ListMachineUserAssignedRolesRequest
Request object for a list machine user assigned roles request.
| Name | Description | Schema |
|---|---|---|
machineUserName |
The machine user to list the assigned roles for. Can be the machine user’s name or CRN. |
string |
pageSize |
The size of each page. |
integer (int32) |
startingToken |
A token to specify where to start paginating. This is the nextToken from a previously truncated response. |
string |
ListMachineUserAssignedRolesResponse
Response object for a list machine user assigned roles request.
| Name | Description | Schema |
|---|---|---|
nextToken |
The token to use when requesting the next set of results. If not present, there are no additional results. |
string |
roleCrns |
The role CRNs assigned to the user. |
< string > array |
ListMachineUsersRequest
Request object for a list machine users request.
| Name | Description | Schema |
|---|---|---|
machineUserNames |
The names or the CRNs of the machine users. If not provided all machine users for the account are retrieved. |
< string > array |
pageSize |
The size of each page. |
integer (int32) |
startingToken |
A token to specify where to start paginating. This is the nextToken from a previously truncated response. |
string |
ListMachineUsersResponse
Response object for a list machine users request.
| Name | Description | Schema |
|---|---|---|
machineUsers |
The machine users. |
< MachineUser > array |
nextToken |
The token to use when requesting the next set of results. If not present, there are no additional results. |
string |
ListResourceAssigneesRequest
Request object for a list resource assignees request.
| Name | Description | Schema |
|---|---|---|
pageSize |
The size of each page. |
integer (int32) |
resourceCrn |
The resource CRN for which to list the assignees. |
string |
startingToken |
A token to specify where to start paginating. This is the nextToken from a previously truncated response. |
string |
ListResourceAssigneesResponse
Response object for a list resource assignees request.
| Name | Description | Schema |
|---|---|---|
nextToken |
The token to use when requesting the next set of results. If not present, there are no additional results. |
string |
resourceAssignees |
List of resource assignees and their respective resource roles for the resource. |
< ResourceAssignee > array |
ListResourceRolesRequest
Request object for a list resource roles request.
| Name | Description | Schema |
|---|---|---|
pageSize |
The size of each page. |
integer (int32) |
resourceRoleNames |
The resource roles CRNs to retrieve. If empty all resource roles will be returned. |
< string > array |
startingToken |
A token to specify where to start paginating. This is the nextToken from a previously truncated response. |
string |
ListResourceRolesResponse
Response object for a list resource roles request.
| Name | Description | Schema |
|---|---|---|
nextToken |
The token to use when requesting the next set of results. If not present, there are no additional results. |
string |
resourceRoles |
The list of resource roles. Cannot be empty. |
< ResourceRole > array |
ListRolesRequest
Request object for a list roles request.
| Name | Description | Schema |
|---|---|---|
pageSize |
The size of each page. |
integer (int32) |
roleNames |
The roles names or CRNs to retrieve. If empty all roles will be returned. |
< string > array |
startingToken |
A token to specify where to start paginating. This is the nextToken from a previously truncated response. |
string |
ListRolesResponse
Response object for a list roles request.
| Name | Description | Schema |
|---|---|---|
nextToken |
The token to use when requesting the next set of results. If not present, there are no additional results. |
string |
roles |
The list of roles in the account. |
< Role > array |
ListSamlProvidersRequest
Request object for a list SAML providers request.
| Name | Description | Schema |
|---|---|---|
pageSize |
The size of each page. |
integer (int32) |
samlProviderNames |
The SAML providers names or CRNs to retrieve. If empty all SAML providers will be returned. |
< string > array |
startingToken |
A token to specify where to start paginating. This is the nextToken from a previously truncated response. |
string |
ListSamlProvidersResponse
Response object for a list SAML providers request.
| Name | Description | Schema |
|---|---|---|
nextToken |
The token to use when requesting the next set of results. If not present, there are no additional results. |
string |
samlProviders |
The SAML providers. |
< SamlProvider > array |
ListScimAccessTokensRequest
Request object to list the SCIM access tokens.
| Name | Description | Schema |
|---|---|---|
identityProviderNameOrCrn |
The name or CRN of the identity provider. |
string |
pageSize |
The size of each page. |
integer (int32) |
startingToken |
A token to specify where to start paginating. This is the nextToken from a previously truncated response. |
string |
ListScimAccessTokensResponse
Response object to list the SCIM access tokens.
| Name | Description | Schema |
|---|---|---|
accessTokens |
The SCIM access tokens. |
< ScimAccessToken > array |
nextToken |
The token to use when requesting the next set of results. If not present, there are no additional results. |
string |
ListServicePrincipalCloudIdentitiesRequest
Request object for a list service principal cloud identities request.
| Name | Description | Schema |
|---|---|---|
environmentCrn |
The CRN of the environment for which cloud identity mappings should be listed. If omitted, mappings for all environments are listed. |
string |
pageSize |
The size of each page. |
integer (int32) |
servicePrincipals |
The service principals for which cloud identity mappings should be listed. If omitted, mappings for all service principals are listed. |
< string > array |
startingToken |
A token to specify where to start paginating. This is the nextToken from a previously truncated response. |
string |
ListServicePrincipalCloudIdentitiesResponse
Response object for a list service principal cloud identities request.
| Name | Description | Schema |
|---|---|---|
nextToken |
The token to use when requesting the next set of results. If not present, there are no additional results. |
string |
servicePrincipalCloudIdentities |
The list of service principal cloud identity mappings. |
< ServicePrincipalCloudIdentities > array |
ListSshPublicKeysRequest
Request object for list SSH public key.
| Name | Description | Schema |
|---|---|---|
actorCrn |
The CRN of the user or machine user to list SSH public keys for. If it is not included, it defaults to the actor making the request. |
string |
ListSshPublicKeysResponse
Response object for list SSH public key.
| Name | Description | Schema |
|---|---|---|
sshPublicKeys |
The list of SSH Public keys. |
< SshPublicKey > array |
ListUserAssignedResourceRolesRequest
Request object for a list user assigned resource roles request.
| Name | Description | Schema |
|---|---|---|
pageSize |
The size of each page. |
integer (int32) |
startingToken |
A token to specify where to start paginating. This is the nextToken from a previously truncated response. |
string |
user |
The user to list the assigned roles for. Can be the user’s CRN or id. If it is not included, it defaults to the user making the request. |
string |
ListUserAssignedResourceRolesResponse
Response object for a list user assigned roles request.
| Name | Description | Schema |
|---|---|---|
nextToken |
The token to use when requesting the next set of results. If not present, there are no additional results. |
string |
resourceAssignments |
The user’s resource assignments. |
< ResourceAssignment > array |
ListUserAssignedRolesRequest
Request object for a list user assigned roles request.
| Name | Description | Schema |
|---|---|---|
pageSize |
The size of each page. |
integer (int32) |
startingToken |
A token to specify where to start paginating. This is the nextToken from a previously truncated response. |
string |
user |
The user to list the assigned roles for. Can be the user’s CRN or id. If it is not included, it defaults to the user making the request. |
string |
ListUserAssignedRolesResponse
Response object for a list user assigned roles request.
| Name | Description | Schema |
|---|---|---|
nextToken |
The token to use when requesting the next set of results. If not present, there are no additional results. |
string |
roleCrns |
The role CRNs assigned to the user. |
< string > array |
ListUsersRequest
Request object for a list users request.
| Name | Description | Schema |
|---|---|---|
pageSize |
The size of each page. |
integer (int32) |
startingToken |
A token to specify where to start paginating. This is the nextToken from a previously truncated response. |
string |
userIds |
The user IDs or CRNs of the users. |
< string > array |
ListUsersResponse
Response object for a list users request.
| Name | Description | Schema |
|---|---|---|
nextToken |
The token to use when requesting the next set of results. If not present, there are no additional results. |
string |
users |
The users. |
< User > array |
MachineUser
Information about a Cloudera CDP machine user.
| Name | Description | Schema |
|---|---|---|
azureCloudIdentities |
The list of Azure cloud identities assigned to the machine user. |
< AzureCloudIdentity > array |
creationDate |
The date when this machine user record was created. |
string (date-time) |
crn |
The CRN of the user. |
string |
machineUserName |
The machine user name. |
string |
status |
The current status of the machine user. The possible status values are ACTIVE and CONTROL_PLANE_LOCKED_OUT. ACTIVE indicates that the machine user is active in CDP. An active machine user can authenticate to the CDP control plane and workload clusters. CONTROL_PLANE_LOCKED_OUT indicates that the machine user is locked out of the CDP control plane. The locked-out machine user can no longer authenticate to the control plane but can authenticate to the workload clusters. Note that more statuses could be added in the future. The statuses other than ACTIVE are only returned on Cloudera for Government. |
string |
workloadPasswordDetails |
Information about the workload password for the machine user. |
|
workloadUsername |
The username used in all the workload clusters of the machine user. |
string |
PasswordPolicy
An object representing password policy options.
| Name | Description | Schema |
|---|---|---|
maxPasswordLifetimeDays |
The maximum lifetime of passwords, in days. If set to '0' passwords never expire. The default is 0. |
integer (int32) |
minPasswordLength |
The minimum length of a password. Can be any number between 6 and 256. The default minimum password length is 8. |
integer (int32) |
minPasswordLifetimeDays |
The minimum lifetime of passwords, in days. The password must be used for this duration before it can be changed. If set to '0' the password may be changed any time. The default is 0. The minPasswordLifetimeDays must be greater than maxPasswordLifetimeDays. |
integer (int32) |
mustIncludeLowerCaseCharacters |
Whether passwords must include lower case characters. The default is 'true'. |
boolean |
mustIncludeNumbers |
Whether passwords must include numbers. The default is 'true'. |
boolean |
mustIncludeSymbols |
Whether passwords must include symbols. The symbols are '#', '&', '*', '$', '%', '@', '^', '.', '_', and '!'. The default is 'true'. |
boolean |
mustIncludeUpperCaseCharacters |
Whether passwords must include upper case characters. The default is 'true'. |
boolean |
passwordHistorySize |
The number of previous passwords that should be remembered. The user or machine user is prevented from reusing these passwords. Can be any number between 0 and 20. The default is 0, this value means all previous passwords may be reused. |
integer (int32) |
Policy
A policy contains a list of one or more policy statements.
| Name | Description | Schema |
|---|---|---|
crn |
The policy crn. |
string |
policyStatements |
The policy statements. |
< PolicyStatement > array |
PolicyStatement
A policy statement is a list of rights and zero or more resources on which the rights are granted.
| Name | Description | Schema |
|---|---|---|
resources |
The resources on which the rights are granted. |
< string > array |
rights |
The list of rights in the policy statement. |
< string > array |
RemoveMachineUserFromGroupRequest
Request object for a remove machine user from group request.
| Name | Description | Schema |
|---|---|---|
groupName |
The name or CRN of the group to remove the machine user from. |
string |
machineUserName |
The name or CRN of the machine user to add to the group. |
string |
RemoveMachineUserFromGroupResponse
Response object for a remove machine user from group request.
Type : object
RemoveUserFromGroupRequest
Request object for a remove user from group request.
| Name | Description | Schema |
|---|---|---|
groupName |
The name or CRN of the group to remove the user from. |
string |
userId |
The ID or CRN of the user to remove from the group. |
string |
RemoveUserFromGroupResponse
Response object for a remove user from group request.
Type : object
ResourceAssignee
Information about the resource role assignee for the resource.
| Name | Description | Schema |
|---|---|---|
assigneeCrn |
The CRN of the assignee. |
string |
resourceRoleCrn |
The assigned resource role CRN. |
string |
ResourceAssignment
Information about a resource assignment.
| Name | Description | Schema |
|---|---|---|
resourceCrn |
The assigned resource’s CRN. |
string |
resourceRoleCrn |
The assigned resource role CRN. |
string |
ResourceRole
Information about a resource role. A resource role is a role that grants a collection of rights to a user on resources.
| Name | Description | Schema |
|---|---|---|
crn |
The CRN of the resource role. |
string |
rights |
The rights granted by this role. |
< string > array |
Role
Information about a role.
| Name | Description | Schema |
|---|---|---|
crn |
The role’s CRN. |
string |
policies |
The list of policies that belong to the role. Cannot be empty. |
< Policy > array |
SamlProvider
Information used to connect a CDP account to an external identity provider.
| Name | Description | Schema |
|---|---|---|
cdpSpMetadata |
The Service Provider SAML metadata specific to this CDP SAML provider. This field will only be set for createSamlProvider and describeSamlProvider API calls. |
string |
creationDate |
The date when this SAML provider record was created. |
string (date-time) |
crn |
CRN of the SAML provider in CDP. |
string |
enableScim |
Whether SCIM is enabled on this SAML provider. System for Cross-domain Identity Management (SCIM) version 2.0 is a standard for automating the provisioning of user and group identity information from identity provider to CDP. It is omitted for Cloudera for Government. |
boolean |
generateWorkloadUsernameByEmail |
Whether to generate users' workload username by email or by identity provider user ID (SAML NameID). |
boolean |
samlMetadataDocument |
The original metadata that was passed while creating the SAML provider connector. This field will not be set when the SAML provider does not have metadata. This field will not be set for listSamlProviders API response. |
string |
samlProviderId |
The unique ID of the saml provider. |
string |
samlProviderName |
Name of the SAML provider. |
string |
scimUrl |
The SCIM URL if SCIM is enabled. It is omitted for Cloudera for Government. |
string |
syncGroupsOnLogin |
Whether users federated with this SAML provider will have their group membership synchronized. Group membership can be passed using the https://cdp.cloudera.com/SAML/Attributes/groups SAML assertion. |
boolean |
ScimAccessToken
Information about the SCIM access token.
| Name | Description | Schema |
|---|---|---|
accessTokenId |
The SCIM access token id. |
string |
creationDate |
The date when this SCIM access token was created. |
string (date-time) |
crn |
The SCIM access token CRN. |
string |
expirationDate |
The SCIM access token expiration date. The access token never expires if the value is not set. |
string (date-time) |
ServicePrincipalCloudIdentities
Cloud identity mappings for a service principal.
| Name | Description | Schema |
|---|---|---|
azureCloudIdentities |
The list of Azure cloud identities assigned to the service principal. |
< AzureCloudIdentity > array |
servicePrincipal |
The name of the service principal that the cloud identities are assigned to. |
string |
SetAccountMessagesRequest
Request object for set account messages for account.
| Name | Description | Schema |
|---|---|---|
contactYourAdministratorMessage |
Message shown to user when user does not have sufficient rights. Length of message cannot be more than 512 characters. If string is empty, default message is displayed. |
string |
SetAccountMessagesResponse
Response object for set account messages.
Type : object
SetAuthenticationPolicyRequest
Request object for a set authentication policy request.
| Name | Description | Schema |
|---|---|---|
accessKeyExpirationSec |
The expiration, in seconds, of the access key. Set the value to '0' to use system default expiration (which is 12 hours for CDP). The value will be set to '0' if not provided. |
integer (int32) |
accessKeyInactivityDurationSec |
The inactivity duration, in seconds, of the access key, which would invalidate the access key due to inactivity. Set the value to '0' to use the system’s default inactivity duration (which is 1 hour normally and 15 minutes for Cloudera for Government). If set to a value longer than the value for |
integer (int32) |
clientIpAddressesAllowed |
The list of IP addresses and/or CIDRs used for allowing client access to the UI and API services. Duplicated values will be removed automatically. Both the allowed list and the blocked list will be used to determine whether to grant or block the client’s access. The blocked list takes precedence over the allowed list. When the list is empty or not set, client IP address will not be validated to be present in the allowed list. |
< string > array |
clientIpAddressesBlocked |
The list of IP addresses and/or CIDRs used for blocking client access to the UI and API services. Duplicated values will be removed automatically. Both the allowed list and the blocked list will be used to determine whether to grant or block the client’s access. The blocked list takes precedence over the allowed list. When the list is empty or not set, client IP address will not be validated to be absent from the blocked list. |
< string > array |
sessionTokenExpirationSec |
The expiration, in seconds, of the UI session token. Set the value to '0' to use system default expiration (which is 12 hours for CDP). The value will be set to '0' if not provided. |
integer (int32) |
sessionTokenInactivityDurationSec |
The inactivity duration, in seconds, of the UI session token, which would invalidate the session token due to inactivity. Set the value to '0' to use the system’s default inactivity duration (which is 1 hour normally and 15 minutes for Cloudera for Government). If set to a value longer than the value for |
integer (int32) |
SetAuthenticationPolicyResponse
Response object for a set authentication policy request.
Type : object
SetDefaultIdentityProviderRequest
Request object to set the default identity provider.
| Name | Description | Schema |
|---|---|---|
nameOrCrn |
The name or CRN of the default identity provider. |
string |
SetDefaultIdentityProviderResponse
Response object to set the default identity provider.
Type : object
SetWorkloadPasswordPolicyRequest
Request object for a set workload password policy request.
| Name | Description | Schema |
|---|---|---|
globalPasswordPolicy |
The global password policy object. If set, maxPasswordLifetimeDays is ignored, and if not set the default values for the different password policies are used. See PasswordPolicy for more details on the different default values. |
|
machineUsersPasswordPolicy |
The password policy object for machine users. If set, this will be used for enforcing password complexity for machine users instead of the global password policy. |
SetWorkloadPasswordPolicyResponse
Response object for a set workload password policy request.
Type : object
SetWorkloadPasswordRequest
Request object for a set workload password request.
| Name | Description | Schema |
|---|---|---|
actorCrn |
The CRN of the user or machine user for whom the password will be set. If it is not included, it defaults to the user making the request. |
string |
password |
The password value to set |
string |
SetWorkloadPasswordResponse
Response object for a set workload password request.
Type : object
SshPublicKey
Information about an SSH public key.
| Name | Description | Schema |
|---|---|---|
crn |
The SSH public key CRN. |
string |
description |
An optional description for the public key. |
string |
publicKey |
The SSH public key string. Only populated for DescribeSshPublicKeyResponses. This is the same string that was used when the key was added. |
string |
publicKeyFingerprint |
The SSH public key SHA256 fingerprint. This is identical to the SHA256 produced by running the following command on a public key named 'key.pub'; ssh-keygen -l -E SHA256 -f /home/user/.ssh/key.pub. Note that ssh-keygen removes any padding bytes from the BASE64 fingerprint encoding (the '=' characters at the end of the fingerprint) which is also true for this fingerprint. |
string |
UnassignAzureCloudIdentityRequest
Request object for an unassign Azure cloud identity request.
| Name | Description | Schema |
|---|---|---|
assigneeCrn |
The CRN of the actor or group from which the cloud identity will be unassigned. |
string |
UnassignAzureCloudIdentityResponse
Response object for an unassign Azure cloud identity request.
Type : object
UnassignGroupResourceRoleRequest
Request object for an unassign group resource role request.
| Name | Description | Schema |
|---|---|---|
groupName |
The group to unassign the resource role from. |
string |
resourceCrn |
The CRN of the resource for which the resource role rights will be unassigned. |
string |
resourceRoleCrn |
The CRN of the resource role to unassign from the group. |
string |
UnassignGroupResourceRoleResponse
Response object for an unassign group role request.
Type : object
UnassignGroupRoleRequest
Request object for an unassign group role request.
| Name | Description | Schema |
|---|---|---|
groupName |
The group to unassign the role from. Can be the group name or CRN. |
string |
role |
The role to unassign from the group. Can be the role’s CRN or name. |
string |
UnassignGroupRoleResponse
Response object for an unassign group role request.
Type : object
UnassignMachineUserResourceRoleRequest
Request object for an unassign machine user role request.
| Name | Description | Schema |
|---|---|---|
machineUserName |
The machine user to unassign the resource role from. Can be the machine user’s name or CRN. |
string |
resourceCrn |
The CRN of the resource for which the resource role rights will be unassigned. |
string |
resourceRoleCrn |
The CRN of the resource role to unassigned from the machine user. |
string |
UnassignMachineUserResourceRoleResponse
Response object for an unassign machine user role request.
Type : object
UnassignMachineUserRoleRequest
Request object for an unassign machine user role request.
| Name | Description | Schema |
|---|---|---|
machineUserName |
The machine user to unassigned the roles from. Can be the machine user’s name or CRN. |
string |
role |
The role to unassigned from the user. Can be the role’s name or CRN. |
string |
UnassignMachineUserRoleResponse
Response object for an unassign machine user role request.
Type : object
UnassignServicePrincipalAzureCloudIdentityRequest
Request object for an unassign service principal Azure cloud identity request.
| Name | Description | Schema |
|---|---|---|
environmentCrn |
The CRN of the environment for which the cloud identity to unassign is in effect. |
string |
servicePrincipal |
The name of the service principal from which the cloud identity will be unassigned. |
string |
UnassignServicePrincipalAzureCloudIdentityResponse
Response object for an unassign service principal Azure cloud identity request.
Type : object
UnassignUserResourceRoleRequest
Request object for an unassign user role request.
| Name | Description | Schema |
|---|---|---|
resourceCrn |
The CRN of the resource for which the resource role rights will be unassigned. |
string |
resourceRoleCrn |
The CRN of the resource role to unassigned from the user. |
string |
user |
The user to unassign the resource role from. |
string |
UnassignUserResourceRoleResponse
Response object for an unassign user role request.
Type : object
UnassignUserRoleRequest
Request object for an unassign user role request.
| Name | Description | Schema |
|---|---|---|
role |
The role to unassigned from the user. Can be the role’s CRN or name. |
string |
user |
The user to unassigned the roles from. Can be the user CRN or id. |
string |
UnassignUserRoleResponse
Response object for an unassign user role request.
Type : object
UnlockMachineUserInControlPlaneRequest
Request object for unlocking the machine user in the control plane.
| Name | Description | Schema |
|---|---|---|
machineUser |
The name or CRN of the machine user to be unlocked in the CDP control plane. |
string |
UnlockMachineUserInControlPlaneResponse
Response object for unlocking the machine user in the CDP control plane.
| Name | Description | Schema |
|---|---|---|
machineUser |
The unlocked machine user. |
UnlockUserInControlPlaneRequest
Request object for unlocking the user in the CDP control plane.
| Name | Description | Schema |
|---|---|---|
user |
The ID or CRN of the user to be unlocked in the CDP control plane. |
string |
UnlockUserInControlPlaneResponse
Response object for unlocking the user in the CDP control plane.
| Name | Description | Schema |
|---|---|---|
user |
The unlocked user. |
UnsetWorkloadPasswordMinLifetimeRequest
Request object for a unset workload password min lifetime request.
| Name | Description | Schema |
|---|---|---|
actorCrn |
The CRN of the actor for whom to unset the workload password minimum lifetime date. |
string |
UnsetWorkloadPasswordMinLifetimeResponse
Response object for an unset workload password minimum lifetime request.
Type : object
UnsetWorkloadPasswordPolicyRequest
Request object for a unset workload password policy request.
| Name | Description | Schema |
|---|---|---|
unsetGlobalPasswordPolicy |
Whether to unset the global password policy. This will reset the global policy to its defaults. |
boolean |
unsetMachineUsersPasswordPolicy |
Whether to unset the machine user password policy, if one exists. |
boolean |
UnsetWorkloadPasswordPolicyResponse
Response object for a unset workload password policy request.
Type : object
UpdateAccessKeyRequest
Request object for an update access key request.
| Name | Description | Schema |
|---|---|---|
accessKeyId |
The ID of the access key to update. |
string |
status |
The status to assign to the access key. |
enum (ACTIVE, INACTIVE) |
UpdateAccessKeyResponse
Response object for an update access key request.
| Name | Description | Schema |
|---|---|---|
accessKey |
The access key that was updated. |
UpdateGroupRequest
Request object for update group request.
| Name | Description | Schema |
|---|---|---|
groupName |
The name or CRN of the group to update. |
string |
syncMembershipOnUserLogin |
Whether group membership is synced when a user logs in. Can be omitted if no update is required. |
boolean |
UpdateGroupResponse
Response object for update group request.
| Name | Description | Schema |
|---|---|---|
group |
Information about the updated group. |
UpdateSamlProviderRequest
Request object for an updating SAML provider request.
| Name | Description | Schema |
|---|---|---|
enableScim |
Whether to enable SCIM on this SAML provider. System for Cross-domain Identity Management (SCIM) version 2.0 is a standard for automating the provisioning of user and group identity information from identity provider to CDP. It is not supported for Cloudera for Government. |
boolean |
generateWorkloadUsernameByEmail |
Whether to generate users' workload username by email. The default is to generate workload usernames by identity provider user ID (SAML NameID). |
boolean |
samlMetadataDocument |
SAML metadata document XML file. Length of meta data document cannot be more than 200 KB (200,000 bytes). Can be omitted if no update is required. |
string |
samlProviderName |
The name or CRN of SAML provider to update. |
string |
syncGroupsOnLogin |
Whether to sync group information for users federated with this SAML provider. Group membership can be passed using the https://cdp.cloudera.com/SAML/Attributes/groups SAML assertion. The default is to synchronize group membership. Can be omitted if no update is required. |
boolean |
UpdateSamlProviderResponse
Response object for an updating SAML provider request.
| Name | Description | Schema |
|---|---|---|
samlProvider |
The SAML provider. |
UpdateUserRequest
Request object to update a user.
| Name | Description | Schema |
|---|---|---|
active |
The active state to which to set the user. When it is 'true', the user will be activated. When it is 'false' the user will be deactivated. |
boolean |
user |
The CRN or userId of the user to be updated. |
string |
UpdateUserResponse
Response object to update a user.
| Name | Description | Schema |
|---|---|---|
user |
Information about the updated user. |
User
Information about a Cloudera CDP user.
| Name | Description | Schema |
|---|---|---|
accountAdmin |
Whether the user is an administrator of their CDP account. |
boolean |
azureCloudIdentities |
The list of Azure cloud identities assigned to the user. |
< AzureCloudIdentity > array |
creationDate |
The date when this user record was created. |
string (date-time) |
crn |
The CRN of the user. |
string |
email |
The user’s email address. |
string |
firstName |
The user’s first name. |
string |
identityProviderCrn |
The identity provider that the user belongs to. It can be "Cloudera-Default", "Cloudera-Administration", or a customer defined IdP. |
string |
lastInteractiveLogin |
The date of the user’s last interactive login. |
string (date-time) |
lastName |
The user’s last name. |
string |
status |
The current status of the user. The possible status values are ACTIVE, CONTROL_PLANE_LOCKED_OUT, and DEACTIVATED. ACTIVE indicates that the user is active in CDP. An active user can authenticate to the CDP control plane and workload clusters. CONTROL_PLANE_LOCKED_OUT indicates that the user is locked out of the CDP control plane. The locked-out user can no longer authenticate to the control plane but can authenticate to the workload clusters. DEACTIVATED indicates that the user is deactivated in CDP. A deactivated user can neither authenticate to the control plane nor to the workload clusters. Note that more statuses could be added in the future. The statuses other than ACTIVE are only returned on Cloudera for Government. |
string |
userId |
The stable, unique identifier of the user. |
string |
workloadPasswordDetails |
Information about the workload password for the user. |
|
workloadUsername |
The username used in all the workload clusters of the user. |
string |
WorkloadName
The workload name.
Type : enum (DE, DF, OPDB)
WorkloadPasswordDetails
Information about the workload password for a user or machine user.
| Name | Description | Schema |
|---|---|---|
isPasswordSet |
Whether a workload password is set. |
boolean |
passwordExpirationDate |
The date at which the workload password will expire. |
string (date-time) |
passwordMinLifetimeDate |
The minimum lifetime date of the workload password. A new password can’t be set until this date. |
string (date-time) |
WorkloadPasswordPolicy
Information about the workload password policy for an account.
| Name | Description | Schema |
|---|---|---|
maxPasswordLifetimeDays |
The maximum lifetime, in days, of the password. If '0' passwords never expire. |
integer (int32) |
minPasswordLength |
The minimum length of a password. |
integer (int32) |
minPasswordLifetimeDays |
The minimum lifetime of passwords, in days. The password must be used for this duration before it can be changed. If set to '0' the password may be changed any time. The default is 0. |
integer (int32) |
mustIncludeLowerCaseCharacters |
Whether passwords must include lower case characters. |
boolean |
mustIncludeNumbers |
Whether passwords must include numbers. |
boolean |
mustIncludeSymbols |
Whether passwords must include symbols. The symbols are '#', '&', '*', '$', '%', '@', '^', '.', '_', and '!'. |
boolean |
mustIncludeUpperCaseCharacters |
Whether passwords must include upper case characters. |
boolean |
passwordHistorySize |
The number of previous passwords that should be remembered. The user or machine user is prevented from reusing these passwords. Can be any number between 0 and 20. The default is 0, this value means all previous passwords may be reused. |
integer (int32) |