update-security-access
- subtitle
Updates the security access settings of the given environment.
- version
0.9.122
Description
Updates the security access settings of the given environment.
Synopsis
update-security-access
--environment <value>
--gateway-node-security-group-id <value>
--default-security-group-id <value>
[--cli-input-json <value>]
[--generate-cli-skeleton]
Options
--environment
(string)
The name or the CRN of the environment.
--gateway-node-security-group-id
(string)
Security group ID where Knox-enabled hosts are placed.
--default-security-group-id
(string)
Security group ID for non-gateway nodes.
--cli-input-json
(string)
Performs service operation based on the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton. If other arguments are provided on the command line, the CLI values will override the JSON-provided values.
--generate-cli-skeleton
(boolean)
Prints a sample input JSON to standard output. Note the specified operation is not run if this argument is specified. The sample input can be used as an argument for --cli-input-json.
Output
environment -> (object)
The environment.
environmentName -> (string)
Name of the environment.
crn -> (string)
CRN of the environment.
status -> (string)
Status of the environment.
region -> (string)
Region of the environment.
cloudPlatform -> (string)
Cloud platform of the environment.
credentialName -> (string)
Name of the credential of the environment.
network -> (object)
The network.
networkName -> (string)
Name or ID of the network.
subnetIds -> (array)
Subnet names or ids of the network.
item -> (string)
endpointAccessGatewayScheme -> (string)
The scheme for the endpoint gateway. PUBLIC indicates an external endpoint that can be accessed over the Internet.
endpointAccessGatewaySubnetIds -> (array)
The subnets to use for endpoint access gateway.
item -> (string)
aws -> (object)
AWS network parameters.
vpcId -> (string)
VPC ids of the specified networks.
azure -> (object)
Azure network parameters.
networkId -> (string)
The id of the Azure VNet.
resourceGroupName -> (string)
The name of the resource group associated with the VNet.
usePublicIp -> (boolean)
Whether to associate public IPs with the resources within the network.
databasePrivateDnsZoneId -> (string)
The full Azure resource ID of the existing Private DNS Zone used for Flexible Server and Single Server Databases.
aksPrivateDnsZoneId -> (string)
The full Azure resource ID of an existing Private DNS zone used for the AKS.
enableOutboundLoadBalancer -> (boolean)
Whether the outbound load balancer was created for this environment.
flexibleServerSubnetIds -> (array)
The subnets delegated for Flexible Server database. Accepts either the name or the full resource id.
item -> (string)
gcp -> (object)
GCP network parameters.
networkName -> (string)
The name of the GCP VPC.
usePublicIp -> (boolean)
Whether to associate public IPs with the resources within the network.
sharedProjectId -> (string)
The ID of the Google project associated with the VPC.
networkCidr -> (string)
The range of private IPv4 addresses that resources will use under this network.
subnetMetadata -> (map)
Additional subnet metadata of the network.
key -> (string)
value -> (object)
Information about a cloud provider subnet.
subnetId -> (string)
The id of the subnet.
subnetName -> (string)
The name of the subnet.
availabilityZone -> (string)
The availability zone of the subnet.
cidr -> (string)
The CIDR IP range of the subnet.
logStorage -> (object)
Storage configuration for cluster and audit logs.
enabled -> (boolean)
Whether external log storage is enabled.
awsDetails -> (object)
AWS-specific log storage configuration information.
storageLocationBase -> (string)
The base location to store logs in S3. This should be an s3a:// url.
instanceProfile -> (string)
The AWS instance profile which contains the necessary permissions to access the S3 storage location.
azureDetails -> (object)
Azure-specific log storage configuration information.
storageLocationBase -> (string)
The storage location to use. The location has to be in the following format abfs://filesystem@storage-account-name.dfs.core.windows.net.
managedIdentity -> (string)
The managed identity associated with the logger. This identity should have Storage Blob Data Contributor role on the given storage account.
gcpDetails -> (object)
GCP-specific log storage configuration information.
storageLocationBase -> (string)
The storage location to use. This should be a gs:// url.
serviceAccountEmail -> (string)
Email ID of the service account associated with the logging instances.
backupStorage -> (object)
Storage configuration for backup.
enabled -> (boolean)
Whether external backup storage is enabled. The default value is disabled.
awsDetails -> (object)
AWS-specific backup storage configuration information.
storageLocationBase -> (string)
The base location to store backup in S3. This should be an s3a:// url.
instanceProfile -> (string)
The AWS instance profile which contains the necessary permissions to access the S3 storage location.
azureDetails -> (object)
Azure-specific backup storage configuration information.
storageLocationBase -> (string)
The storage location to use. The location has to be in the following format abfs://filesystem@storage-account-name.dfs.core.windows.net.
managedIdentity -> (string)
The managed identity associated with the backup. This identity should have Storage Blob Data Contributor role on the given storage account.
gcpDetails -> (object)
GCP-specific backup storage configuration information.
storageLocationBase -> (string)
The storage location to use. This should be a gs:// url.
serviceAccountEmail -> (string)
Email ID of the service account associated with the backup instances.
authentication -> (object)
Additional SSH key authentication configuration for accessing cluster node instances.
publicKey -> (string)
SSH Public key string.
publicKeyId -> (string)
Public SSH key ID already registered in the cloud provider.
loginUserName -> (string)
The SSH user name created on the nodes for SSH access.
securityAccess -> (object)
Security control configuration for FreeIPA and Datalake deployment.
cidr -> (string)
CIDR range which is allowed for inbound traffic. Either IPv4 or IPv6 is allowed.
securityGroupIdForKnox -> (string)
Security group where Knox-enabled hosts are placed.
defaultSecurityGroupId -> (string)
Security group where all other hosts are placed.
description -> (string)
Description of the environment.
statusReason -> (string)
The status reason.
created -> (datetime)
Creation date.
creator -> (string)
The CRN of the user who has created the given environment.
awsDetails -> (object)
AWS-specific environment configuration information.
s3GuardTableName -> (string)
The name for the DynamoDB table backing S3Guard.
gcpDetails -> (object)
GCP specific environment configuration information.
sharedProjectId -> (string)
ID of the Google project where the resources are created.
workloadAnalytics -> (boolean)
When this is enabled, diagnostic information about job and query execution is sent to Workload Manager for Data Hub clusters created within this environment.
reportDeploymentLogs -> (boolean)
When true, this will report additional diagnostic information back to Cloudera.
freeipa -> (object)
Details of a FreeIPA cluster.
crn -> (string)
CRN of the FreeIPA cluster.
domain -> (string)
The domain name of the FreeIPA cluster.
hostname -> (string)
The hostname of the FreeIPA cluster.
serverIP -> (array)
The IP addresses of the FreeIPA cluster.
item -> (string)
recipes -> (array)
The recipes for the FreeIPA cluster.
item -> (string)
instances -> (array)
The instances of the FreeIPA cluster.
item -> (object)
Object for a FreeIPA instance providing specific information about the instance.
availabilityZone -> (string)
The availability zone of the instance.
discoveryFQDN -> (string)
The fully qualified domain name of the instance in the service discovery cluster.
instanceId -> (string)
The instance ID for the instance.
instanceGroup -> (string)
The instance group that contains the instance.
instanceStatus -> (string)
The status of the instance.
instanceStatusReason -> (string)
The status reason for the instance.
instanceType -> (string)
The type of the instance (either GATEWAY or GATEWAY_PRIMARY).
instanceVmType -> (string)
The VM type of the instance. Supported values depend on the cloud platform.
lifeCycle -> (string)
The life cycle type for the instance (either NORMAL or SPOT).
privateIP -> (string)
The private IP of the instance.
publicIP -> (string)
The public IP of the instance.
sshPort -> (integer)
The SSH port of the instance.
subnetId -> (string)
The subnet ID of the instance.
attachedVolumes -> (array)
List of volumes attached to this instance.
item -> (object)
The attached volume configuration.
count -> (integer)
The number of volumes.
volumeType -> (string)
The type of volumes.
size -> (integer)
The size of each volume in GB.
instanceCountByGroup -> (integer)
The number of FreeIPA instances to create per group when creating FreeIPA in environment.
multiAz -> (boolean)
Whether the given FreeIPA is deployed across multiple availability zones.
proxyConfig -> (object)
A proxy config object.
proxyConfigName -> (string)
The name of the proxy config.
crn -> (string)
The CRN of the proxy config.
protocol -> (string)
The protocol.
host -> (string)
The proxy host.
port -> (integer)
The proxy port.
description -> (string)
A description for the proxy config.
noProxyHosts -> (string)
Comma-separated list of ‘CIDR’, ‘[.]host[:port]’ (can be a subdomain as well) and ‘IP[:port]’ entries that should not be proxied. Wildcards are not accepted. For example .cloudera.com,192.168.1.1
user -> (string)
The proxy user.
password -> (string)
The proxy password.
inboundProxyCidr -> (array)
CIDRs allowed for inbound communication.
item -> (string)
tags -> (object)
Environment tags object containing the tag values defined for the environment.
userDefined -> (map)
Map of tag names to values, for user-defined tags.
key -> (string)
value -> (string)
Tag value for the user-defined tag.
defaults -> (map)
Map of tag names to values, for default tags.
key -> (string)
value -> (string)
Tag value for the default tag.
dataServices -> (object)
Data Services parameters response of the environment.
azure -> (object)
Azure-specific Data Service parameters response.
sharedManagedIdentity -> (string)
User-assigned managed identity used by the AKS control plane.
customDockerRegistry -> (object)
The configured custom docker registry for data services.
crn -> (string)
The CRN of the configured custom docker registry for data services on the environment.
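A defender's check over this command's JSON response, as an added example (not Cloudera's code): it flags unset security group IDs, an inbound cidr with a /0 prefix, a PUBLIC endpoint gateway and public IP association. The sample response is constructed, the function name is hypothetical, and network and securityAccess are assumed to be nested directly under environment.

```python
import ipaddress

# Constructed sample response (not real output). Field names come from the Output
# section; network and securityAccess are assumed to sit under "environment".
SAMPLE = {
    "environment": {
        "environmentName": "example-env",
        "network": {"endpointAccessGatewayScheme": "PUBLIC", "azure": {"usePublicIp": True}},
        "securityAccess": {
            "cidr": "0.0.0.0/0",
            "securityGroupIdForKnox": "sg-EXAMPLE-knox",
            "defaultSecurityGroupId": None,
        },
    }
}


def audit_security_access(response):
    """Return a list of exposure findings for one command response (hypothetical helper)."""
    env = response.get("environment") or {}
    access = env.get("securityAccess") or {}
    network = env.get("network") or {}
    findings = []
    # Both IDs are required arguments of the command, so the response should carry both.
    for field in ("securityGroupIdForKnox", "defaultSecurityGroupId"):
        if not access.get(field):
            findings.append(f"securityAccess.{field} is not set")
    # cidr may be IPv4 or IPv6; a /0 prefix admits inbound traffic from any address.
    # Splitting on commas is a defensive assumption, not something the page states.
    for part in (p.strip() for p in (access.get("cidr") or "").split(",")):
        if not part:
            continue
        try:
            net = ipaddress.ip_network(part, strict=False)
        except ValueError:
            findings.append(f"securityAccess.cidr is not a valid range: {part}")
            continue
        if net.prefixlen == 0:
            findings.append(f"securityAccess.cidr allows any source: {net}")
    if network.get("endpointAccessGatewayScheme") == "PUBLIC":
        findings.append("network.endpointAccessGatewayScheme is PUBLIC")
    for cloud in ("azure", "gcp"):
        if (network.get(cloud) or {}).get("usePublicIp"):
            findings.append(f"network.{cloud}.usePublicIp is true")
    return findings


if __name__ == "__main__":
    print("\n".join(audit_security_access(SAMPLE)))
```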
Form Factors
public, private