set-authentication-policy

subtitle

Set the authentication policy for the account.

version

0.9.128

Description

Set the authentication policy for the account. Any parameters not specified in the request will be cleared, and their default values will be used for authentication. Changes to the authentication policy only affect authentications that are done after the policy has been updated.

Synopsis

  set-authentication-policy
  [--access-key-inactivity-duration-sec <value>]
  [--access-key-expiration-sec <value>]
  [--session-token-inactivity-duration-sec <value>]
  [--session-token-expiration-sec <value>]
  [--client-ip-addresses-allowed <value>]
  [--client-ip-addresses-blocked <value>]
  [--cli-input-json <value>]
  [--generate-cli-skeleton]

Options

--access-key-inactivity-duration-sec (integer)

The period of inactivity, in seconds, after which the access key is invalidated. Set the value to ‘0’ to use the system’s default inactivity duration (normally 1 hour, and 15 minutes for Cloudera for Government). If the value is longer than the value of accessKeyExpirationSec, there is no inactivity timeout. The value is set to ‘0’ if not provided.

--access-key-expiration-sec (integer)

The expiration, in seconds, of the access key. Set the value to ‘0’ to use the system default expiration (which is 12 hours for CDP). The value is set to ‘0’ if not provided.

--session-token-inactivity-duration-sec (integer)

The period of inactivity, in seconds, after which the UI session token is invalidated. Set the value to ‘0’ to use the system’s default inactivity duration (normally 1 hour, and 15 minutes for Cloudera for Government). If the value is longer than the value of sessionTokenExpirationSec, there is no inactivity timeout. The value is set to ‘0’ if not provided.

--session-token-expiration-sec (integer)

The expiration, in seconds, of the UI session token. Set the value to ‘0’ to use the system default expiration (which is 12 hours for CDP). The value is set to ‘0’ if not provided.

--client-ip-addresses-allowed (array)

The list of IP addresses and/or CIDRs allowed client access to the UI and API services. Duplicate values are removed automatically. Both the allowed list and the blocked list are used to determine whether to grant or block the client’s access. The blocked list takes precedence over the allowed list. When the list is empty or not set, the client IP address is not checked against the allowed list.

Syntax:

"string" "string" ...

--client-ip-addresses-blocked (array)

The list of IP addresses and/or CIDRs blocked from client access to the UI and API services. Duplicate values are removed automatically. Both the allowed list and the blocked list are used to determine whether to grant or block the client’s access. The blocked list takes precedence over the allowed list. When the list is empty or not set, the client IP address is not checked against the blocked list.

Syntax:

"string" "string" ...
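
Added example (not part of the Cloudera documentation or CLI): a Python pre-flight check that models the allow/block rule described for --client-ip-addresses-allowed and --client-ip-addresses-blocked, so administrator source addresses can be confirmed reachable before a policy is applied. The function names and sample addresses are constructed for illustration, and the model follows only the wording above, not the service's internal matching.

```python
import ipaddress


def _networks(entries):
    """Parse addresses/CIDRs; the set drops duplicates, as the option text describes."""
    return {ipaddress.ip_network(e, strict=False) for e in entries}


def client_allowed(client_ip, allowed=(), blocked=()):
    """Model of the documented rule (assumption: not Cloudera's implementation)."""
    ip = ipaddress.ip_address(client_ip)

    def hit(nets):
        # Membership is False when the address and network versions differ.
        return any(ip in net for net in nets)

    # The blocked list takes precedence over the allowed list.
    if hit(_networks(blocked)):
        return False
    # An empty or unset allowed list means no allow-list validation.
    allowed_nets = _networks(allowed)
    return not allowed_nets or hit(allowed_nets)


def locked_out(admin_ips, allowed=(), blocked=()):
    """Return the admin source addresses the proposed policy would reject."""
    return [ip for ip in admin_ips if not client_allowed(ip, allowed, blocked)]


# Constructed sample policy using documentation-reserved address ranges.
ALLOWED = ["203.0.113.0/24", "203.0.113.0/24", "198.51.100.7", "2001:db8:10::/48"]
BLOCKED = ["203.0.113.128/25"]
ADMINS = ["203.0.113.10", "203.0.113.200", "198.51.100.8", "2001:db8:10::5"]

if __name__ == "__main__":
    rejected = locked_out(ADMINS, ALLOWED, BLOCKED)
    for ip in ADMINS:
        print(f"{ip:16} {'REJECTED' if ip in rejected else 'ok'}")
    if rejected:
        raise SystemExit("do not apply: policy would lock out admin addresses")
```

Because unspecified parameters are cleared on every call, run the check against the complete lists that will be sent, not only the entries being added.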

--cli-input-json (string)

Performs the service operation based on the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton. If other arguments are provided on the command line, the CLI values will override the JSON-provided values.

--generate-cli-skeleton (boolean)

Prints a sample input JSON to standard output. Note that the specified operation is not run if this argument is specified. The sample input can be used as an argument for --cli-input-json.

Output

Form Factors

public, private